Introduction
The Reference Integrity Manifest (RIM) Service is a cloud-based file-hosting service that provides a mechanism for securely transferring RIM bundles to the attestation platforms that request them for GPU attestation. The RIM Service acts as a centralized repository maintained by NVIDIA, ensuring that verifiers always have access to the latest trusted reference values needed for attestation validation.
Background
The “Reference Values” used in attestation are Reference Integrity Manifest (RIM) structures generated as part of the Driver and VBIOS builds. Verifiers then use these structures to validate the actual values (“Evidence”) collected from a GPU at runtime. The RIM Service provides a scalable and reliable mechanism for distributing these critical reference values to attestation systems.
For GPU inband attestation, the following components are measured and validated against RIM bundles:
Static HW Configurations: Hardware configuration parameters that define the GPU’s baseline setup
Firmware / VBIOS: The firmware and Video BIOS versions running on the GPU
HW Initialization States: Hardware initialization state information captured during GPU boot
Runtime / Dynamic States: Dynamic runtime states and configurations of the GPU during operation
Driver UCodes: Driver microcode components loaded and executed by the GPU
Signed Opaque Data: Cryptographically signed proprietary data structures used in attestation
Key Advantages
Centralized Repository: Provides a single, authoritative source for all NVIDIA GPU reference integrity manifests, eliminating the need for organizations to maintain their own local repositories.
Secure Storage: All RIM bundles are cryptographically signed by NVIDIA and protected by industry-standard security practices, ensuring integrity and authenticity.
Trust Boundaries: Hosts RIM bundles outside of customer infrastructure, ensuring reference values remain isolated from potentially compromised environments.
Seamless Integration: Works with NVIDIA’s attestation ecosystem (NRAS, Local Verifier SDK) through simple API calls, eliminating manual processes.
High Availability: Built on enterprise-grade cloud infrastructure to handle requests from distributed attestation systems worldwide with high reliability.
Privacy Notice
NVIDIA will collect IP addresses and information about your GPU, including the device’s unique identity and device certificates that uniquely identify your GPU, in order to provide this GPU Attestation Service and for security, debugging, and troubleshooting purposes. Data collected will be deleted when it is no longer needed for these purposes.