Signed CoRIM files can be validated as follows. The CoRIM file contains the following information internally about the certificate that matches the private key that was used to generate to sign the CoRIM file:
"dependent-rims": [
{
"href": <Certificate URI>,
"thumbprint": <Thumbprint>
}
]
NVIDIA CoRIM PKI consists of a 3-level certificate chain:
CoRIM root CA – root CA for NVIDIA CoRIMs
CoRIM ConnectX-7 sub-CA – singed by the root CA and represents ConnectX-7 CoRIMs
CoRIM ConnectX-7 singer - singed by the CoRIM ConnectX-7 sub-CA and signs the CoRIM itself
The CoRIM ConnectX-7 signer certificate used to sign the CoRIM itself is located and accessible from the public URL which is referenced by the CoRIM “dependent-rims” href structure. The public key in this certificate should be used to verify the CoRIM signature. The CoRIM root CA and CoRIM sub-CA certificates are publicly accessible and can be found in the following links:
CoRIM root CA – https://docs.ndis.nvidia.com/certs/corim/nvidia-corim-signing-root-ca.pem
CoRIM ConnectX-7 sub-CA – https://docs.ndis.nvidia.com/certs/corim/nvidia-corim-signing-cx7-ica.pem