Introduction - nvTrust

nvat (or “NV Attest”) is an SDK that supports device attestation for NVIDIA products such as GPUs and the NVLink Switch. The SDK and associated tooling allows users to collect and verify device attestation reports.

Installation

From source

This project uses CMake as its build system. The following instructions have been tested on Ubuntu 22.04 and 24.04 x86-64.

• Install build dependencies:

apt install cmake pkg-config clang clang-tidy curl libcurl4-openssl-dev libssl-dev libxml2-dev libxmlsec1-dev libspdlog-dev libxmlsec1-openssl

• Rego support is provided through regorus, a Rust library. The Rust compiler will need to be installed on the system, preferably through rustup.

• libnvml is required when compiling support for GPU evidence collection. See Driver Installation for instructions.

• Build using CMake:

cd nv-attestation-sdk-cpp
cmake -S . -B build -DENABLE_NVML=ON -DENABLE_NSCQ=ON
# if gpu or nvswitch attestation is not needed, ENABLE_NVML or ENABLE_NSCQ can be turned off
cmake --build build

• Install:

cmake --install build --strip

• Uninstall (the installed files are recorded in build/install-manifest):

xargs rm -v < build/install_manifest.txt

Usage

The public API of nvat is located at <nvat.h>

The function nvat_attest_system() is the primary way to attest GPUs, NVLink Switches, and future NVIDIA products. An example of how to use nvat_attest_system can be found in examples/attest/main.c.

It also provides low level APIs which can be used to collect evidence, verify evidence and finally attest the claims (optionally view them) in different steps.

See quickstart to quickly get started with this SDK.