Configuration Guide#

Overview#

This guide covers configuration options for the NVIDIA Attestation SDK Rust bindings. Configuration can be done through:

Attestation Context: Runtime configuration for attestation workflows
SDK Options: Global SDK initialization settings
Environment Variables: External configuration

Attestation Context Configuration#

The AttestationContext is the primary interface for configuring attestation workflows.

Device Type#

Configure the type of device to attest:

use nv_attestation_sdk::{AttestationContext, DeviceType};

let mut ctx = AttestationContext::new()?;

// For GPU attestation
ctx.set_device_type(DeviceType::Gpu)?;

// For NVSwitch attestation
ctx.set_device_type(DeviceType::NvSwitch)?;

Verifier Type#

Choose between local and remote verification:

use nv_attestation_sdk::VerifierType;

// Remote verification via NRAS
ctx.set_verifier_type(VerifierType::Remote)?;

// Local verification with RIM store and OCSP
ctx.set_verifier_type(VerifierType::Local)?;

SDK Options#

Configure global SDK settings during initialization:

use nv_attestation_sdk::{NvatSdk, SdkOptions, Logger};

let mut opts = SdkOptions::new()?;

// Set custom logger
let logger = Logger::new()?;
opts.set_logger(logger);

// Initialize with options
let client = NvatSdk::init(opts)?;

HTTP Configuration#

Configure HTTP client behavior for network requests:

use nv_attestation_sdk::HttpOptions;

let mut http_opts = HttpOptions::default_options()?;

// Set retry behavior
http_opts.set_max_retry_count(5);

// Set timeouts (in milliseconds)
http_opts.set_connection_timeout_ms(10000);  // 10 seconds
http_opts.set_request_timeout_ms(30000);     // 30 seconds

// Configure proxy (if needed)
// http_opts.set_proxy("http://proxy.example.com:8080")?;

// Use with RIM store or OCSP client
let rim_store = RimStore::create_remote(
    "https://rim.attestation.nvidia.com",
    Some("api-key"),
    Some(&http_opts)
)?;

RIM Store Configuration#

Reference Integrity Manifests (RIMs) are used to verify device measurements.

Filesystem RIM Store#

Store RIMs locally on the filesystem:

use nv_attestation_sdk::RimStore;

let rim_store = RimStore::create_filesystem("/var/lib/nvat/rims")?;

Remote RIM Store#

Fetch RIMs from a remote service:

let http_opts = HttpOptions::default_options()?;
let rim_store = RimStore::create_remote(
    "https://rim.attestation.nvidia.com",
    Some("your-api-key"),
    Some(&http_opts)
)?;

OCSP Client Configuration#

OCSP (Online Certificate Status Protocol) clients verify certificate revocation status:

use nv_attestation_sdk::OcspClient;

let http_opts = HttpOptions::default_options()?;
let ocsp_client = OcspClient::create_default(
    Some("https://ocsp.attestation.nvidia.com"),
    Some("your-api-key"),
    Some(&http_opts)
)?;

Environment Variables#

The SDK supports configuration via environment variables:

NVAT_RIM_STORE_BASE_URL: RIM service URL

export NVAT_RIM_STORE_BASE_URL="https://rim.attestation.nvidia.com"

NVAT_OCSP_BASE_URL: OCSP service URL

export NVAT_OCSP_BASE_URL="https://ocsp.attestation.nvidia.com"

NVAT_NRAS_BASE_URL: NRAS service URL

export NVAT_NRAS_BASE_URL="https://nras.attestation.nvidia.com"

Logging Configuration#

Enabling Logging#

Enable the logging feature in Cargo.toml:

[dependencies]
nv-attestation-sdk = {
    git = "https://github.com/NVIDIA/attestation-sdk",
    subdirectory = "nv-attestation-sdk-rust/nv-attestation-sdk",
    features = ["logging"]
}

Using with env_logger#

use nv_attestation_sdk::{NvatSdk, SdkOptions, Logger};

fn main() -> Result<(), Box<dyn std::error::Error>> {
    // Initialize env_logger
    env_logger::Builder::from_default_env()
        .filter_level(log::LevelFilter::Debug)
        .init();

    // Create SDK with logger
    let mut opts = SdkOptions::new()?;
    let logger = Logger::new()?;
    opts.set_logger(logger);

    let _client = NvatSdk::init(opts)?;

    // SDK operations will log through env_logger
    Ok(())
}

Complete Configuration Example#

use nv_attestation_sdk::{
    NvatSdk, SdkOptions, Logger, AttestationContext,
    HttpOptions, RimStore, OcspClient,
    DeviceType, VerifierType
};

fn main() -> Result<(), Box<dyn std::error::Error>> {
    // 1. Initialize logging
    env_logger::init();

    // 2. Configure SDK
    let mut sdk_opts = SdkOptions::new()?;
    let logger = Logger::new()?;
    sdk_opts.set_logger(logger);
    let _client = NvatSdk::init(sdk_opts)?;

    // 3. Configure HTTP
    let mut http_opts = HttpOptions::default_options()?;
    http_opts.set_max_retry_count(5);
    http_opts.set_connection_timeout_ms(10000);
    http_opts.set_request_timeout_ms(30000);

    // 4. Set up verification components
    let _rim_store = RimStore::create_filesystem("/var/lib/nvat/rims")?;
    let _ocsp_client = OcspClient::create_default(
        Some("https://ocsp.attestation.nvidia.com"),
        Some("your-api-key"),
        Some(&http_opts)
    )?;

    // 5. Configure attestation context
    let mut ctx = AttestationContext::new()?;
    ctx.set_device_type(DeviceType::Gpu)?;
    ctx.set_verifier_type(VerifierType::Local)?;

    // 6. Perform attestation
    let result = ctx.attest_device(None)?;

    println!("Attestation successful!");
    println!("Claims: {}", result.claims_json()?);

    Ok(())
}

Next Steps#

Claims Schema: Understand the structure of attestation results in the Claims Schema Reference
User Guide: See more examples in the User Guide
Development: Learn about contributing in the Development Guide