Attestation Suite Architecture Overview

The NVIDIA Attestation Suite is composed of several interconnected services and components that work together to provide a comprehensive verification solution. Understanding this architecture is key to leveraging the full power of the suite.

Overall Architecture Diagram

The following diagram illustrates the flow of information and trust between the client, the NVIDIA services, and the GPU hardware.

[Figure: Architecture Diagram]

How It Works: A Simplified View

The attestation process provides a complete, verifiable chain of trust.

  1. Generate Evidence: Use the Attestation SDK to collect cryptographic evidence from the GPU and other NVIDIA devices.

  2. Fetch Golden Measurements: The RIM Service provides the official, signed “golden” measurements for authentic NVIDIA components.

  3. Attest and Verify: The NVIDIA Remote Attestation Service or the Local verifier compares the evidence against the golden measurements to provide a definitive verification result.

Core Components

Client-Side Components

  • Attestation SDK: A Python-based SDK that provides high-level APIs for developers to integrate attestation into their applications. It orchestrates interactions with the GPU driver and remote services.

  • Attestation CLI (attest-cli): A command-line interface, bundled with the SDK, for performing ad-hoc local and remote attestation. It is built on top of the Attestation SDK.

  • Local GPU Verifier: The underlying logic that extracts evidence from the GPU. It interacts with the NVIDIA driver via NVML to retrieve measurements and certificates.

Cloud Services

  • RIM Service: The Reference Integrity Manifest (RIM) Service is responsible for hosting the “golden” measurements. It stores and serves signed RIMs, which contain the authoritative measurement values for authentic NVIDIA hardware and software.

  • NVIDIA Remote Attestation Service (NRAS): The central cloud service that performs the final verification. It receives attestation evidence from the client, fetches the appropriate RIM from the RIM Service, and returns a signed attestation result.

  • Certificate Revocation Service: An OCSP-based service used to check if the certificate that signed a RIM is still valid, ensuring that revoked or compromised RIMs are not trusted.
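
A toy model of the verification step described under "How It Works" and "Cloud Services", added here as an illustration; it is not NVIDIA's code or the SDK's API. The data layout, function names and key are hypothetical, and HMAC-SHA256 stands in for the RIM's real signature scheme, which this page does not describe.

```python
import hashlib
import hmac

# All names, data layouts and keys here are hypothetical; HMAC-SHA256 stands in
# for the RIM's real signature scheme, which this page does not describe.
RIM_SIGNING_KEY = b"constructed-demo-key"


def sign_rim(measurements: dict[int, str], key: bytes = RIM_SIGNING_KEY) -> str:
    """Produce the stand-in signature over a canonical encoding of the RIM."""
    canonical = "\n".join(f"{i}:{m}" for i, m in sorted(measurements.items()))
    return hmac.new(key, canonical.encode(), hashlib.sha256).hexdigest()


def verify(evidence: dict[int, str], rim: dict, signer_revoked: bool) -> tuple[bool, str]:
    """Appraise evidence against a RIM, failing closed at every step."""
    # 1. Revocation: a RIM signed by a revoked certificate is never trusted.
    if signer_revoked:
        return False, "rim signer revoked"
    # 2. Integrity: golden values are only authoritative if the signature holds.
    expected_sig = sign_rim(rim["measurements"])
    if not hmac.compare_digest(expected_sig, rim["signature"]):
        return False, "rim signature invalid"
    # 3. Comparison: every golden index must be present and match exactly.
    for index, golden in sorted(rim["measurements"].items()):
        reported = evidence.get(index)
        if reported is None:
            return False, f"measurement {index} missing from evidence"
        if not hmac.compare_digest(reported, golden):
            return False, f"measurement {index} mismatch"
    return True, "evidence matches golden measurements"


# Constructed sample data: three measurement slots hashed from made-up blobs.
GOLDEN = {i: hashlib.sha384(f"component-{i}".encode()).hexdigest() for i in range(3)}
RIM = {"measurements": GOLDEN, "signature": sign_rim(GOLDEN)}

if __name__ == "__main__":
    tampered = dict(GOLDEN)
    tampered[1] = hashlib.sha384(b"modified firmware").hexdigest()
    print(verify(GOLDEN, RIM, signer_revoked=False))
    print(verify(tampered, RIM, signer_revoked=False))
    print(verify(GOLDEN, RIM, signer_revoked=True))
```

The ordering matters: revocation and signature checks run before any comparison, so a mismatch result is only ever reported against golden values that are themselves trusted.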

Next Steps

Now that you have successfully attested your GPU and understand the architecture, explore the detailed documentation for each component: