Quick Start Guide

Prerequisites

  • HGX system with 8 GPUs and 4 switches assigned to the single tenant

  • Python >= 3.9

  • git installed

  • NVIDIA GPU driver installed

  • NVIDIA Switch driver installed

  • NVIDIA Fabric Manager installed

Installation/Dependencies

PPCIE Verifier has the following dependencies:

  • nv-attestation-sdk (Attestation SDK)

  • nv-local-gpu-verifier (Local GPU Verifier)

  • nv-switch-verifier (Local Switch Verifier). Note: this is a module inside attestation-sdk and does not require separate installation.

Installation Instructions:

Elevate to root privileges before installing the packages (this is necessary to set the GPU ready state):

     sudo -i

Method 1: Using installer script

    1. git clone https://github.com/NVIDIA/nvtrust
    2. cd nvtrust/guest_tools/ppcie-verifier/install
    3. source ppcie-installer.sh  (this installs the required dependencies)

Method 2: Using PyPI (requires creating a Python virtual environment)

    1. python3 -m venv venv
    2. source venv/bin/activate
    3. pip3 install nv-ppcie-verifier  (this automatically installs nv-attestation-sdk, nv-local-gpu-verifier and nv-switch-verifier)

Usage

Run the verifier as a module (example arguments provided):

     python3 -m ppcie.verifier.verification --gpu-attestation-mode=LOCAL --switch-attestation-mode=LOCAL

Options

| Option | Description | Value Options |
|---|---|---|
| --gpu-attestation-mode | Type of GPU Attestation | LOCAL, REMOTE |
| --switch-attestation-mode | Type of nvSwitch Attestation | LOCAL, REMOTE |
| --log | Configure log level | DEBUG, INFO, WARNING, ERROR, TRACE, CRITICAL |
| --allow-hold-cert | Enable attestation when OCSP status of certificate is cert hold | N/A |
| --rim-url RIM_SERVICE_URL | The URL to be used for fetching driver and VBIOS RIM files (e.g., https://rim.nvidia.com/rims/) | |
| --ocsp-url OCSP_SERVICE_URL | The URL to be used for checking the revocation status of a certificate (e.g., https://ocsp.ndis.nvidia.com/) | |
| --ocsp-nonce-disabled | Flag which indicates whether to include a nonce when calling OCSP. Only applicable for local GPU attestation. False by default | |
| --service-key | Service key which is used to authenticate remote service calls to attestation services. None by default. Note: No valid service keys have been created by admins yet - using any key will result in attestation failure. | |
| --claims-version | Specify the claims version to retrieve version-specific attestation claims (e.g., 2.0). Please refer to the Claims Guide for the claims. If the claims version is not set, it defaults to 2.0. | "2.0" or "3.0" |
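When the verifier is launched from automation, the argument list can be checked against the Options table before anything runs. The following is an added example, not code from nvtrust: the helper names are hypothetical, requiring https for the RIM and OCSP URLs is a policy choice of this example, and it assumes every option accepts the `--flag=value` form that the Usage line shows for the attestation modes.

```python
from urllib.parse import urlsplit

# Allowed values, copied from the Options table on this page.
MODES = ("LOCAL", "REMOTE")
LOG_LEVELS = ("DEBUG", "INFO", "WARNING", "ERROR", "TRACE", "CRITICAL")
CLAIMS_VERSIONS = ("2.0", "3.0")


def check_choice(flag, value, allowed):
    # Assumption: the CLI accepts --flag=value for every option.
    if value not in allowed:
        raise ValueError(f"{flag} must be one of {allowed}, got {value!r}")
    return f"{flag}={value}"


def check_https(flag, url):
    # Policy of this example (not of the tool): only absolute https:// endpoints.
    parts = urlsplit(url)
    if parts.scheme != "https" or not parts.hostname:
        raise ValueError(f"{flag} must be an absolute https:// URL, got {url!r}")
    return f"{flag}={url}"


def build_ppcie_command(gpu_mode="LOCAL", switch_mode="LOCAL", log=None,
                        rim_url=None, ocsp_url=None, claims_version=None,
                        allow_hold_cert=False, ocsp_nonce_disabled=False):
    """Return (argv, warnings) for the invocation shown under Usage."""
    argv = ["python3", "-m", "ppcie.verifier.verification",
            check_choice("--gpu-attestation-mode", gpu_mode, MODES),
            check_choice("--switch-attestation-mode", switch_mode, MODES)]
    warnings = []  # options that relax certificate revocation checking
    if log is not None:
        argv.append(check_choice("--log", log, LOG_LEVELS))
    if claims_version is not None:
        argv.append(check_choice("--claims-version", claims_version, CLAIMS_VERSIONS))
    if rim_url is not None:
        argv.append(check_https("--rim-url", rim_url))
    if ocsp_url is not None:
        argv.append(check_https("--ocsp-url", ocsp_url))
    if allow_hold_cert:
        argv.append("--allow-hold-cert")
        warnings.append("certificates in OCSP cert hold status will be accepted")
    if ocsp_nonce_disabled:
        argv.append("--ocsp-nonce-disabled")
        warnings.append("OCSP requests carry no nonce (local GPU attestation only)")
    return argv, warnings
```

The returned list can be passed to `subprocess.run` without a shell, and the warnings logged so that a run with relaxed revocation checking is visible in review.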