GPU Evidence Verification

Components used to perform GPU evidence verification and produce attestation results (claims) for a relying party.

Functions

nvat_rc_t nvat_gpu_local_verifier_create(nvat_gpu_local_verifier_t *out_verifier, nvat_rim_store_t rim_store, nvat_ocsp_client_t ocsp_client, nvat_detached_eat_options_t detached_eat_options)

Create a local verifier to appraise evidence in the current process.

nvat_gpu_verifier_t nvat_gpu_local_verifier_upcast(nvat_gpu_local_verifier_t verifier)

nvat_rc_t nvat_gpu_nras_verifier_create(nvat_gpu_nras_verifier_t *out_verifier, const char *base_url, const nvat_http_options_t http_options)

Create a remote verifier that uses NVIDIA Remote Attestation Service to appraise evidence.

nvat_gpu_verifier_t nvat_gpu_nras_verifier_upcast(nvat_gpu_nras_verifier_t verifier)

void nvat_gpu_verifier_free(nvat_gpu_verifier_t *gpu_verifier)

nvat_rc_t nvat_verify_gpu_evidence(const nvat_gpu_verifier_t verifier, const nvat_gpu_evidence_t *gpu_evidence_array, size_t num_evidences, const nvat_evidence_policy_t policy, nvat_str_t *out_detached_eat, nvat_claims_collection_t *out_claims)

Verify GPU evidence against a given evidence policy.

Typedefs

nvat_gpu_local_verifier_t

nvat_gpu_nras_verifier_t

nvat_gpu_verifier_t

Evaluates GPU evidence to produce attestation results (claims) indicating the validity of submitted evidence.

Functions

nvat_rc_t nvat_gpu_local_verifier_create(
    nvat_gpu_local_verifier_t *out_verifier,
    nvat_rim_store_t rim_store,
    nvat_ocsp_client_t ocsp_client,
    nvat_detached_eat_options_t detached_eat_options
)

Create a local verifier to appraise evidence in the current process.

The local verifier appraises evidence in the current process and should be used in one of the following:

  • a TEE connected to the attester

  • a remote attestation service running in a secure cloud environment

Local verification outside of these use cases is not recommended as the verification process can be compromised by malicious actors with elevated privileges on the host.

Parameters:
  • rim_store – See nvat_rim_store_st for more information.

  • ocsp_client – See nvat_ocsp_client_st for more information.

  • detached_eat_options – If NULL, will use default detached EAT options. See nvat_detached_eat_options_st for more information.

nvat_gpu_verifier_t nvat_gpu_local_verifier_upcast(
    nvat_gpu_local_verifier_t verifier
)

nvat_rc_t nvat_gpu_nras_verifier_create(
    nvat_gpu_nras_verifier_t *out_verifier,
    const char *base_url,
    const nvat_http_options_t http_options
)

Create a remote verifier that uses NVIDIA Remote Attestation Service to appraise evidence.

The base URL can also be set using the NVAT_NRAS_BASE_URL environment variable.

Parameters:
  • base_url – If NULL, will use the default NRAS production base URL

  • http_options – If NULL, will use default HTTP options

nvat_gpu_verifier_t nvat_gpu_nras_verifier_upcast(
    nvat_gpu_nras_verifier_t verifier
)

void nvat_gpu_verifier_free(nvat_gpu_verifier_t *gpu_verifier)

nvat_rc_t nvat_verify_gpu_evidence(
    const nvat_gpu_verifier_t verifier,
    const nvat_gpu_evidence_t *gpu_evidence_array,
    size_t num_evidences,
    const nvat_evidence_policy_t policy,
    nvat_str_t *out_detached_eat,
    nvat_claims_collection_t *out_claims
)

Verify GPU evidence against a given evidence policy.

Parameters:
  • verifier – The GPU verifier to use.

  • gpu_evidence_array – The GPU evidences to verify.

  • num_evidences – The number of evidences in the collection.

  • policy – The evidence policy to apply.

  • out_detached_eat – Pointer to store the detached EAT, which is a NULL-terminated JSON string. Pass NULL to not generate the detached EAT.

  • out_claims – Pointer to store the resulting claims.

Returns:

  • NVAT_RC_OK if the evidence is verified successfully

  • NVAT_RC_OVERALL_RESULT_FALSE if the x-nvidia-overall-result claim is false in the detached EAT. This error can only be returned if out_detached_eat is not NULL (otherwise the detached EAT is not generated).

  • Other error codes

Typedefs

typedef struct nvat_gpu_local_verifier_st *nvat_gpu_local_verifier_t

typedef struct nvat_gpu_nras_verifier_st *nvat_gpu_nras_verifier_t

typedef struct nvat_gpu_verifier_st *nvat_gpu_verifier_t

Evaluates GPU evidence to produce attestation results (claims) indicating the validity of submitted evidence.