Quick Start Guide

Overview

The C API of nvat is located here This document follows the terminology and architectural concepts defined in the Remote Attestation Procedures Architecture (RATS) RFC.

The API is divided into high level and low level APIs.

The high level API offers a pluggable interface to perform end-to-end system attestation, which includes collecting evidence from an attester, submitting the evidence to a verifier to obtain attestation results, and applying appraisal policies to attestation results. The entrypoint for the high level APIs is nvat_attest_device().

The SDK also provides low-level APIs for advanced or custom attestation workflows. These APIs allow you to directly collect evidence, verify evidence, and evaluate attestation results as needed. For example, you can use nvat_gpu_evidence_collect() to gather GPU evidence from a system. This function is useful if you need to submit evidence to a custom verifier or save it for auditing. Similarly, nvat_verify_gpu_evidence() can be used to verify evidence that was collected elsewhere or at a different time.

Check API groups to see all the api’s, categorized by their functionality.

Conventions

• Allocations:

  • All structures besides return codes, primitive flags, and bitmaps are opaque and cannot be allocated on the stack. For example, nvat_sdk_opts_t is defined as typedef nvat_sdk_opts_st* nvat_sdk_opts_t. nvat_sdk_opts_st is forward declared and cannot be directly used outside the SDK. The rest of this document will omit this detail for brevity.

  • All structures are allocated on the heap using functions named nvat_<type>_create and released using nvat_<type>_destroy.

  • Most objects internally implement reference counting, so the user must free the objects created by SDK. Any exceptions will be called out in the API documentation.

• Error handling:

  • All fallible errors return nvat_rc_t (NVAT_RC_OK to indicate the success case) .

  • Return values are communicated to callers using out parameters which are always the last parameter of a function signature.

Getting Started

The NVIDIA Attestation SDK provides a simple C API for performing hardware attestation of NVIDIA GPUs and switches. This guide links to examples which cover the most common use cases.

• Basic GPU Attestation Example: This example demonstrates how to perform basic GPU attestation using the NVIDIA Attestation SDK. This is the most common use case - verifying the integrity and authenticity of NVIDIA GPU hardware and firmware using a complete end-to-end attestation workflow with a relying party policy.

  • API References

    • Complete attestation workflow: nvat_attest_device() (related: attestation context APIs)

    • Error handling: return_codes()

    • SDK initialization: nvat_sdk_init()

    • Attestation context: nvat_attestation_ctx_create()

• Evidence Collection Example: Understand how to collect attestation evidence and perform verification using lower-level APIs. This example demonstrates how to manually collect GPU evidence, set up verification components, and process attestation results. This approach provides more control over the attestation process compared to the simplified nvat_attest_device() workflow.

  • API References

    • Evidence collection: nvat_gpu_evidence_collect()

    • Evidence sources: nvat_gpu_evidence_source_nvml_create()

    • Nonce generation: nvat_nonce_create()

    • Verification: nvat_verify_gpu_evidence()

    • Local verifier: nvat_gpu_local_verifier_create()

• Custom Logger Example: Learn how to integrate custom logging functionality with the attestation SDK. The SDK provides flexible logging capabilities that can be customized to integrate with your application’s logging system. You can define custom callbacks for log message handling, filtering, and flushing.

  • API References

    • Custom logger creation: nvat_logger_callback_create()

    • Logger configuration: nvat_sdk_opts_set_logger()

    • SDK initialization: nvat_sdk_init()

    • Error handling: return_codes()

Next Steps

Explore the Full API

• Complete API Reference: Browse the API groups for detailed descriptions of all SDK functions, types, and constants

• Advanced Configuration: See here to learn more about configuring the attestation process