Quick Start Guide#

Prerequisites#

  • HGX system with 8 GPUs and 4 switches assigned to the single tenant

  • python >= 3.9

  • git installed

  • Nvidia GPU driver installed

  • Nvidia Switch driver installed

  • Nvidia Fabric Manager installed

  • NVIDIA Attestation CLI (nvattest) must be installed — follow the NVIDIA Attestation CLI documentation (also installs the Attestation CPP SDK)

Installation#

Installation Instructions:

Before installing PPCIE Verifier, verify nvattest is installed and on your PATH:

nvattest version

Please elevate to Root User Privileges before installing the packages: (Note: This is necessary to set the GPU ready state)

sudo -i

Method 1: Using installer script

1. git clone https://github.com/NVIDIA/nvtrust
2. cd nvtrust/guest_tools/ppcie-verifier-sdk-cpp/install
3. source ppcie-installer.sh

Method 2: Using PyPI (Requires python virtual environment creation)

1. python3 -m venv venv
2. source venv/bin/activate
3. pip3 install nv-ppcie-verifier

Usage#

  • Evidence collection from devices

python3 -m ppcie.verifier.verification --verifier local

  • Using pre-collected evidence files

python3 -m ppcie.verifier.verification --verifier remote --gpu-evidence /path/to/gpu_evidence.json --switch-evidence /path/to/switch_evidence.json --nonce 0x931d8dd0add203ac3d8b4fbde75e115278eefcdceac5b87671a748f32364dfcb

  • Using service key for authentication

export NVIDIA_ATTESTATION_SERVICE_KEY="your-service-key"
python3 -m ppcie.verifier.verification --verifier remote --service-key $NVIDIA_ATTESTATION_SERVICE_KEY --nras-url https://nras.attestation.nvidia.com

Options#

Option

Description

Value Options

--verifier

Type of GPU and NvSwitch Attestation

local, remote

--nonce

Nonce for the attestation in hex format. If not provided, a nonce will be generated

string (hex)

--gpu-evidence

JSON evidence file to use instead of NVML

file path

--switch-evidence

JSON evidence file to use instead of NSCQ

file path

--relying-party-policy

Rego policy file

file path

--rim-url

Base URL for the NVIDIA RIM service (e.g.: https://rim.attestation.nvidia.com)

URL

--ocsp-url

Base URL for the OCSP responder (e.g.: https://ocsp.ndis.nvidia.com)

URL

--nras-url

Base URL for the NVIDIA Remote Attestation Service (e.g.: https://nras.attestation.nvidia.com)

URL

--log-level

Configure log level level

trace, debug, info, warn, error, off

--service-key

Service key used to authenticate remote service calls to attestation services. To obtain a service key, follow the NGC Onboarding Guide

string
On this page