NVSwitch Evidence Verification

Components used to perform switch evidence verification and produce attestation results (claims) for a relying party.

Functions

nvat_rc_t nvat_switch_local_verifier_create(nvat_switch_local_verifier_t *out_verifier, nvat_rim_store_t rim_store, nvat_ocsp_client_t ocsp_client)

Create a local verifier to appraise evidence in the current process.

nvat_switch_verifier_t nvat_switch_local_verifier_upcast(nvat_switch_local_verifier_t verifier)

nvat_rc_t nvat_switch_nras_verifier_create(nvat_switch_nras_verifier_t *out_verifier, const char *base_url, const nvat_http_options_t http_options)

Create a remote verifier that uses NVIDIA Remote Attestation Service to appraise evidence.

nvat_switch_verifier_t nvat_switch_nras_verifier_upcast(nvat_switch_nras_verifier_t verifier)

void nvat_switch_verifier_free(nvat_switch_verifier_t *switch_verifier)

nvat_rc_t nvat_verify_switch_evidence(const nvat_switch_verifier_t verifier, const nvat_switch_evidence_t *switch_evidence_array, size_t num_evidences, const nvat_evidence_policy_t policy, nvat_claims_collection_t *out_claims)

Verify switch evidence against a given evidence policy.

Typedefs

nvat_switch_local_verifier_t

nvat_switch_nras_verifier_t

nvat_switch_verifier_t

Evaluates switch evidence to produce attestation results (claims) indicating the validity of submitted evidence.

Functions

nvat_rc_t nvat_switch_local_verifier_create(

nvat_switch_local_verifier_t *out_verifier,

nvat_rim_store_t rim_store,

nvat_ocsp_client_t ocsp_client,

)

Create a local verifier to appraise evidence in the current process.

Verify evidence in the current process. The local verifier should be used either in:

• a TEE connected to the attester

• a remote attestation service running in a secure cloud environment

Local verification outside of these use cases is not recommended as the verification process can be compromised by malicious actors with elevated privileges on the host.

nvat_switch_verifier_t nvat_switch_local_verifier_upcast(

nvat_switch_local_verifier_t verifier,

)

nvat_rc_t nvat_switch_nras_verifier_create(

nvat_switch_nras_verifier_t *out_verifier,

const char *base_url,

const nvat_http_options_t http_options,

)

Create a remote verifier that uses NVIDIA Remote Attestation Service to appraise evidence.

Parameters:

• base_url – If NULL, will use the default NRAS production base URL

• http_options – If NULL, will use default HTTP options

nvat_switch_verifier_t nvat_switch_nras_verifier_upcast(

nvat_switch_nras_verifier_t verifier,

)

void nvat_switch_verifier_free(

nvat_switch_verifier_t *switch_verifier,

)

nvat_rc_t nvat_verify_switch_evidence(

const nvat_switch_verifier_t verifier,

const nvat_switch_evidence_t *switch_evidence_array,

size_t num_evidences,

const nvat_evidence_policy_t policy,

nvat_claims_collection_t *out_claims,

)

Verify switch evidence against a given evidence policy.

Typedefs

typedef struct nvat_switch_local_verifier_st *nvat_switch_local_verifier_t

typedef struct nvat_switch_nras_verifier_st *nvat_switch_nras_verifier_t

typedef struct nvat_switch_verifier_st *nvat_switch_verifier_t

Evaluates switch evidence to produce attestation results (claims) indicating the validity of submitted evidence.