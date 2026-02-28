Note For detailed information about the DPU attestation process, measurement descriptions, and reference values, refer to the DPU Attestation documentation.

Copy Copied! curl -k -u root: '<password>' -H "Content-Type: application/json" -X GET https:

This command returns a collection of all attestation targets in the system.

In DPU BMC, the available attestation targets are:

Bluefield_DPU_IRoT – The BlueField IRoT (Initial Root of Trust), a Platform Security Controller (PSC) that stores measurements related to the Arm and NIC components

Bluefield_ERoT – The BlueField BMC ERoT (External Root of Trust), which contains measurements related to the DPU BMC

Copy Copied! curl -k -u root: '<password>' -H "Content-Type: application/json" -X GET https:

This command retrieves the certificate chain for a specific attestation target. The response is a JSON structure containing the entire certificate chain, which can be used to verify the authenticity of the component.

Copy Copied! # 1 . Request all available measurements curl -k -u root: '<password>' -H "Content-Type: application/json" -X POST \ https: # 2 . Request specific measurements curl -k -u root: '<password>' -H "Content-Type: application/json" -X POST \ -d '{"SlotId": 0, "MeasurementIndices": [2,5], "Nonce": "d42a0594c5cd5743ee08fe5ec3cf884b1fac4f106879cda98b7d1c51652b04b7"}' \ https:

This command retrieves signed measurements from the specified component.

Parameters:

Nonce Description: A unique, randomly generated value used to prevent replay attacks.

Format: 32-byte (64-character) hexadecimal string.

Usage: Must be generated and provided by the client for each request. Ensures that each request is fresh and secure.

Certificate Slot ID Description: Indicates which slot contains the certificate chain used for signing.

Supported Value: 0

Default: 0

Note: Only Slot 0 is supported, which holds the NVIDIA certificate chain. Measurement Indices Description: Specifies the measurement indices to request.

Format: Array of integers.

Default: If omitted, 0xFF is used to request all available measurements.

This operation is asynchronous and returns a task object rather than the measurement data itself.

Example response:

Copy Copied! { "@odata.id" : "/redfish/v1/TaskService/Tasks/0" , "@odata.type" : "#Task.v1_4_3.Task" , "Id" : "<id>" , "TaskState" : "Running" , "TaskStatus" : "OK" }





Periodically check the task until completion using:

Copy Copied! curl -k -u root: '<password>' -H "Content-Type: application/json" \ -X GET https:

A completed task appears as

Copy Copied! { ... "PercentComplete" : 100 , ... "TaskState" : "Completed" , "TaskStatus" : "OK" }

Copy Copied! curl -k -u root: '<password>' -H "Content-Type: application/json" -X GET \ https:

This command retrieves the signed measurement data previously requested via the SPDMGetSignedMeasurements action.

Example output:

Copy Copied! { "HashingAlgorithm" : "TPM_ALG_SHA_512" , "SignedMeasurements" : "<base64 encoded measurements>" , "SigningAlgorithm" : "TPM_ALG_ECDSA_ECC_NIST_P384" , "Version" : "1.1.0" }



