Architecture

High-Level Architecture Diagram

The PPCIE verifier is a tool designed to verify the security of the multi-GPU system by attesting to the integrity of its GPUs and NVSwitches. The attestation SDK is used to gather evidence for each device, with further attestation performed either locally or remotely, as specified by the user when running the PPCIE Verifier tool.

After collecting attestation results for each device, the PPCIE verifier validates these results against a policy file to confirm that all claims are legitimate. Following the attestation process, the tool conducts a final topology check to verify that the devices are securely connected to the expected configuration. The final attestation results are then presented to the user, detailing the checks performed.

Detailed Architecture Flow

1. The PPCIE Verifier tool is initiated by the user, who specifies the attestation mode for both GPUs and NvSwitches.

2. The system components are enumerated (number of GPUs and NvSwitches).

3. Pre-checks are performed on each GPU to ensure it is configured for confidential computing.

4. Pre-checks are performed on each NvSwitch to ensure it is configured for confidential computing.

5. The required GPU evidence for attestation is collected from the Attestation SDK for each GPU.

6. Once the evidence is collected, the PPCIE Verifier tool initiates attestation verification based on the mode specified by the user.

7. GPU attestation is initiated by the Attestation SDK: the local-gpu-verifier is used for local attestation, while NRAS (NVIDIA’s Remote Attestation Service) is used for remote attestation.

8. The Attestation SDK provides GPU attestation results to the PPCIE Verifier.

9. If the GPU attestation is successful, the PPCIE Verifier proceeds to collect evidence for the NvSwitches from the Attestation SDK.

10. Once all NvSwitch evidence is collected, attestation is initiated by the PPCIE Verifier.

11. NvSwitch attestation is performed by the Attestation SDK: the local-switch-verifier is used for local attestation, while NRAS is used for remote attestation.

12. The Attestation SDK provides NvSwitch attestation results to the PPCIE Verifier.

13. If the NvSwitch attestation is successful, the PPCIE Verifier performs a topology check to ensure the devices are securely connected in the expected configuration.

14. The PPCIE Verifier determines the overall results and updates the status for each check it performs.

15. The GPU ready state is set.

16. The final attestation results are presented to the user, detailing the checks performed and the status of each device in the system.