Reference Integrity Measurements (RIM) Guide#
This guide explains how to work with Reference Integrity Measurements for GPU attestation.
What are RIMs?#
For a comprehensive introduction to Reference Integrity Measurements, including what they are, how they work, and their role in GPU attestation, see the RIM Introduction.
How to Request RIM from RIM Service using curl#
The SDK automatically fetches the appropriate RIM files during attestation. If you want to fetch the RIM files manually, use the following commands.
# Replace YOUR_API_KEY with the key from your NVIDIA Developer account
export NVIDIA_API_KEY="YOUR_API_KEY"
# Request Driver RIM
curl -X GET "https://rim.attestation.nvidia.com/v1/rim/NV_GPU_DRIVER_GH100_535.104.05" \
-H "Authorization: Bearer ${NVIDIA_API_KEY}" \
-o driver_rim.swidtag
# Request VBIOS RIM
curl -X GET "https://rim.attestation.nvidia.com/v1/rim/NV_GPU_VBIOS_1010_0200_882_96005E0001" \
-H "Authorization: Bearer ${NVIDIA_API_KEY}" \
-o vbios_rim.swidtag
Example RIM File#
RIM files are provided in TCG SWID (Software Identification) tag format, which is an XML-based standard. This format is used for all Hopper and Blackwell driver and VBIOS RIMs.
<SoftwareIdentity xmlns="http://standards.iso.org/iso/19770/-2/2015/schema.xsd" xmlns:ns0="http://standards.iso.org/iso/19770/-2/2015/schema.xsd" xmlns:ns2="http://www.w3.org/2001/04/xmlenc#sha384" corpus="false" name="GB100" patch="false" supplemental="false" tagId="f1952261a9d" version="1.0" tagVersion="0">
<ns0:Entity name="NVIDIA Corporation" role="softwareCreator tagCreator"/>
<ns0:Meta xmlns:ns1="https://trustedcomputinggroup.org/resource/tcg-reference-integrity-manifest-rim-information-model/" colloquialVersion="590.16" edition="GPU" product="GB100" revision="r1" PayloadType="direct" ns1:BindingSpec="RIMIM" ns1:BindingSpecVersion="1.01" ns1:PlatformManufacturerId="5703" ns1:PlatformManufacturerStr="NVIDIA Corporation" ns1:PlatformModel="GB100" ns1:FirmwareManufacturer="NVIDIA Corporation" ns1:FirmwareManufacturerId="5703"/>
<ns0:Payload xmlns:SHA384="http://www.w3.org/2001/04/xmlenc#sha384">
<ns0:Resource type="Measurement" index="0" active="False" alternatives="1" ns2:Hash0="000000000000000" name="Measurement_0" size="48"/>
<ns0:Resource type="Measurement" index="1" active="False" alternatives="1" ns2:Hash0="000000000000000" name="Measurement_1" size="48"/>
<!-- Additional measurements... -->
</ns0:Payload>
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2006/12/xml-c14n11"/>
<ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha384"/>
<ds:Reference URI="">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
<ds:Transform Algorithm="http://www.w3.org/2006/12/xml-c14n11"/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#sha384"/>
<ds:DigestValue>lruWtOVKw050SQUwtn</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>nDaIoLK8ixfwn/9IE09j80tAJEdr</ds:SignatureValue>
<ds:KeyInfo>
<ds:X509Data>
<ds:X509Certificate>...</ds:X509Certificate>
<ds:X509Certificate>...</ds:X509Certificate>
<ds:X509Certificate>...</ds:X509Certificate>
<ds:X509Certificate>...</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
</ds:Signature>
</SoftwareIdentity>
Understanding the RIM File Structure#
SoftwareIdentity: Root element containing metadata about the RIM
name: The GPU model (e.g., GB100)version: Schema version
Entity: Information about NVIDIA as the creator
Meta: Metadata about the firmware including version and platform details
colloquialVersion: The actual driver or firmware version (e.g., 590.16)product: GPU product name
Payload: Contains the actual measurements
Each
Resourceelement represents a measurement with its hash valueUses SHA384 hash algorithm for GPU attestation
Signature: Digital signature to verify the authenticity of the RIM
Signed by NVIDIA’s attestation service
Can be verified using the included X.509 certificates