BlueField-3 Certificates
BlueField-3 supports DICE attestation measurements, with its certificate chain stored in SPDM certificate slot 0. The device also supports the provisioning of customer certificate chains in additional slots.
The figure below shows the pre-provisioned attestation certificate chain for BlueField-3. Certificates L1-L3 are included in the BlueField-3 image, while certificate L4 is provisioned during production and stored in write-protected memory.
During boot, BlueField-3’s HW-RoT and secure privileged code generate additional run-time certificates, which are stored in volatile internal memory. L6 serves as the leaf certificate, and its private key is used to sign BlueField-3 SPDM measurements. The complete certificate chain is sent in response to the SPDM GET_CERTIFICATE command and stored in SPDM certificate slot 0.
The certificates L5, L6 contain evidence as x.509 certificate extension in section 2.23.133.5.4.1, and specifically TCG_DICE_FWID-0, and TCG_DICE_FWID-1 respectively.
TCG_DICE_FWID-0 contains a SHA2-384 hash of the hardware configuration and the first mutable firmware code.
TCG_DICE_FWID-1 contains a SHA2-384 hash of the runtime firmware code.
BlueField-3 follows the TCG draft for Implicit Identity-Based Device Attestation Version 1.0, Revision 0.93. As a result, BlueField-3 places the TCG-DICE-FWID in the OID 2.23.133.5.4.1, which is technically reserved for TCG-DICE-TCBINFO according to the TCG OID registry.
BlueField-3 CoRIM files are expected to be available through the NVIDIA RIM service, as documented at: https://docs.attestation.nvidia.com/RIM/rim_introduction.html, starting in April 2025.
The CoRIM files include the same measurement block definition encoded in base64 format, as outlined below. If the table indicates "Yes" under the "Part of CoRIM" column, the index is included in the CoRIM file; otherwise, it is excluded.