NVIDIA Device Attestation and CoRIM-based Reference Measurement Sharing v3.0

COSE Validation

Signed CoRIM files can be validated as follows. The CoRIM file carries the following internal reference to the certificate that matches the private key used to generate and sign it:

"dependent-rims": [ { "href": <Certificate URI>, "thumbprint": <Thumbprint> } ]

The thumbprint can be computed with the following command:

openssl dgst -binary -sha256 "${CERT_KEY_FILE}" | base64 -w0

NVIDIA CoRIM PKI consists of a 3-level certificate chain:

  • CoRIM root CA – root CA for NVIDIA CoRIMs

  • CoRIM sub-CA – signed by the root CA and represents product-specific CoRIMs

  • CoRIM product signer – signed by the CoRIM sub-CA and signs the CoRIM itself

The CoRIM product signer certificate, used to sign the CoRIM, is available at the public URL given in the href field of the CoRIM's "dependent-rims" structure. Use the public key in this certificate to verify the CoRIM's signature. The CoRIM root CA and CoRIM sub-CA certificates are publicly accessible at: https://docs.ndis.nvidia.com/CoRIM/CoRIM%20Certificates.html
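As an added example (not NVIDIA's code), the shell functions below pin the downloaded signer certificate to the thumbprint from "dependent-rims", then verify its chain to the CoRIM root CA before releasing the public key for COSE signature verification. They assume the three certificates are already on disk as PEM files and that the thumbprint is the bare base64 string the command above produces; the function and variable names are illustrative.

```shell
#!/bin/sh
# Added example: pin the downloaded signer certificate to the CoRIM's
# "dependent-rims" thumbprint, then verify its chain to the CoRIM root CA.
# Assumptions: all three certificates are PEM files already on disk, and the
# thumbprint is the bare base64 string produced by the openssl command above.

# base64(SHA-256(file bytes)); the file is hashed exactly as stored.
corim_thumbprint() {
    [ -r "$1" ] || return 2
    openssl dgst -binary -sha256 "$1" | base64 -w0
}

# validate_corim_signer SIGNER SUBCA ROOT EXPECTED_THUMBPRINT
# Prints the signer's public key (PEM) on success; returns non-zero otherwise.
validate_corim_signer() {
    vcs_signer=$1 vcs_subca=$2 vcs_root=$3 vcs_expected=$4

    vcs_actual=$(corim_thumbprint "$vcs_signer") || {
        echo "cannot read signer certificate: $vcs_signer" >&2; return 2; }

    # 1. The href is only a location; the thumbprint is what binds the
    #    downloaded file to this CoRIM. Refuse anything that does not match.
    if [ -z "$vcs_actual" ] || [ "$vcs_actual" != "$vcs_expected" ]; then
        echo "thumbprint mismatch: got $vcs_actual" >&2
        return 1
    fi

    # 2. Chain check: signer -> sub-CA -> root. -no-CApath keeps the system
    #    CA directory out of the trust set, so only the given root anchors it.
    openssl verify -no-CApath -CAfile "$vcs_root" -untrusted "$vcs_subca" \
        "$vcs_signer" >/dev/null || {
        echo "certificate chain did not verify to the CoRIM root CA" >&2
        return 1; }

    # 3. Only now expose the key that will check the CoRIM's COSE signature.
    openssl x509 -in "$vcs_signer" -noout -pubkey
}

# Usage: sh validate.sh signer.pem subca.pem root.pem '<thumbprint>'
if [ "$#" -eq 4 ]; then
    validate_corim_signer "$@"
fi
```

A thumbprint match alone proves only that the file is the one the CoRIM names; the chain check is what ties it to the CoRIM root CA.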

© Copyright 2025, NVIDIA. Last updated on Jun 3, 2025.