Quick Start Guide

Prerequisites

• HGX system with 8 GPUs and 4 switches assigned to the single tenant

• python >= 3.9

• git installed

• Nvidia GPU driver installed

• Nvidia Switch driver installed

• Nvidia Fabric Manager installed

Installation/Dependencies

PPCIE Verifier has the following dependencies:

• nv-attestation-sdk (Attestation SDK)

• nv-local-gpu-verifier (Local GPU Verifier)

• nv-switch-verifier (Local Switch Verifier) Note: nv-switch-verifier (Local Switch Verifier) This is a module inside attestation-sdk and does not require separate installation

Installation Instructions:

1. Please elevate to Root User Privileges before installing the packages: (Note: This is necessary to set the GPU ready state)

   sudo -i
   

2. Create a new virtual environment and install PPCIE Verifier from PyPi repository

   python3 -m venv venv
   
   source venv/bin/activate
   
   pip3 install nv-ppcie-verifier 
   

Usage

python3 -m ppcie.verifier.verification --gpu-attestation-mode=LOCAL --switch-attestation-mode=LOCAL (Example arguments provided)

Options

Option	Description	Value Options
--gpu-attestation-mode	Type of GPU Attestation	LOCAL, REMOTE
--switch-attestation-mode	Type of nvSwitch Attestation	LOCAL, REMOTE
--log	Configure log level	DEBUG, INFO, WARNING, ERROR, TRACE, CRITICAL
--allow-hold-cert	Enable attestation when OCSP status of certificate is cert hold	N/A
--rim-url RIM_SERVICE_URL	The URL to be used for fetching driver and VBIOS RIM files (e.g., https://rim.attestation.nvidia.com/v1/rim)
--ocsp-url OCSP_SERVICE_URL	The URL to be used for checking the revocation status of a certificate (e.g., https://ocsp.ndis.nvidia.com/)
--ocsp-nonce-disabled	Flag which indicates whether to include a nonce when calling OCSP. Only applicable for local GPU attestation. False by default
--service-key	Service key which is used to auth remote service calls to attestation services. None by default. Note: No valid service keys have been created by admins yet - using any key will result in attestation failure.
--claims-version	Specify the claims version to retrieve version-specific attestation claims (e.g., 2.0). Please refer to the Claims Guide for the claims. If the claims version is not set, it defaults to 2.0.	“2.0” or “3.0”

Example Implementation

• For a complete end-to-end PPCIE attestation example with sample output, decoded tokens, and verification processes for both local and remote attestation modes, see the Hopper Multi-GPU (PPCIE) Attestation Example.