SPDM Reference Measurements
The reference measurements provided by NVIDIA are in CoRIM/CoMID format. The measurements obtained from the eRoTs are the outcome of SPDM v1.1 GET_MEASUREMENTS commands sent to the eRoTs by the BMC.
Each eRoT corresponds to a specific type of attested entity (BMC, FPGA, CPU UEFI, and NVSwitch). The set of reference measurements includes a CoMID for each eRoT and its corresponding component pair, with each eRoT providing measurements for both itself and the protected component as part of its measurement set. There is only one CoMID for the two NVSwitches, as they are expected to run the same firmware at all times, except during brief update periods when one may be updated before the other.
The CoMID includes only the measurement indices that are relevant for attestation data or metadata necessary for measurement verification against the reference. It excludes instance-specific measurements (such as serial numbers) and deprecated or unused measurement indices.
For a detailed explanation of which measurements are included in the reference, see the Measurement Block Definition section of this document.
In cases where measurements involve multiple instances (e.g., the contents of two different flashes used to store copies of a single component’s firmware), the reference defines the same value for both instances, representing the system’s stable state where the content of both flashes is identical.
The CoRIMs for the Switch Tray are structured according to the update packages for the tray. Since there are three packages, there are three sets of reference measurements in CoRIM format.
The diagram below shows the relationship between a release package and its corresponding CoRIM:

Please note that the update package for the BMC always includes an FPGA image. The reference CoRIM for the BMC package contains both CoMIDs, meaning the BMC and FPGA must be updated together to ensure a valid reference for attestation. However, if two different release packages contain the same FPGA FW, updating the FPGA is not necessary, as either reference will match the FPGA measurements.
To process the NVIDIA-provided CoRIM and CoMID structures, the following flow is used:
The CoRIMs provided by NVIDIA are signed and begin with an IANA tag. To process the CoRIM using the standard cocli tool (veraison/cocli on GitHub), the first six bytes of the file containing the IANA tag must be removed. For example:
    dd if="$tagged_corim" of="$untagged_corim" bs=1 skip=6 status=none
Extract the CoMIDs from the CoRIM using cocli.
    cocli corim extract -f "$untagged_corim" --output-dir "$new_comid_path"
Obtain the JSON output for every CoMID file in the $new_comid_path directory.
    cocli comid display -f "$comid_file" > "$output_file"
Drop the first line, which is not part of the JSON output.
    sed -i '1d' "$output_file"
The result will be the CoMIDs' contents in JSON format. These should then be compared to the measurement values provided by the eRoTs. It is important to ensure that the correct CoMID is compared with the corresponding measurement set (for example, comparing measurements from the NVSwitch eRoT with the CoMID for UEFI will always fail). Not all measurements come with a reference value in the CoMID. Measurements without a reference value in the CoMID should be ignored by the verifier during the comparison.
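The comparison rule described above, as an added Python example (not NVIDIA's or cocli's code). The JSON layout (triples, reference-values, measurements, key, digests as "alg:base64"), the function names, and the choice to fail when a referenced index is absent from the evidence are assumptions of this example; the sample digests are constructed.

```python
import base64
import hashlib

def reference_digests(comid):
    """Map measurement index -> set of raw reference digests in one CoMID."""
    refs = {}
    for triple in comid.get("triples", {}).get("reference-values", []):
        for m in triple.get("measurements", []):
            index = int(m["key"]["value"])  # assumed key form: {"type": "uint", "value": N}
            for entry in m.get("value", {}).get("digests", []):
                # Assumed entry form: "<alg>:<base64>" (";" separator also accepted).
                b64 = entry.replace(";", ":", 1).split(":", 1)[1]
                refs.setdefault(index, set()).add(base64.b64decode(b64))
    return refs

def compare(comid, measured):
    """Compare one eRoT measurement set (index -> hex digest) with its CoMID."""
    refs = reference_digests(comid)
    result = {"match": [], "mismatch": [], "ignored": []}
    for index, hex_digest in sorted(measured.items()):
        if index not in refs:
            result["ignored"].append(index)      # no reference value: skip
        elif bytes.fromhex(hex_digest) in refs[index]:
            result["match"].append(index)
        else:
            result["mismatch"].append(index)
    # Choice made by this example: a referenced index absent from the evidence fails.
    result["missing"] = sorted(set(refs) - set(measured))
    result["ok"] = not result["mismatch"] and not result["missing"]
    return result

# Constructed sample data (not real NVIDIA measurements).
def _digest(label):
    return hashlib.sha384(label).digest()

def _ref(index, label):
    b64 = base64.b64encode(_digest(label)).decode()
    return {"key": {"type": "uint", "value": index},
            "value": {"digests": ["sha-384:" + b64]}}

SAMPLE_COMID = {"triples": {"reference-values": [
    {"measurements": [_ref(1, b"fw-a"), _ref(2, b"fw-b")]}]}}
GOOD = {1: _digest(b"fw-a").hex(), 2: _digest(b"fw-b").hex(),
        5: _digest(b"serial-number").hex()}   # index 5 has no reference
BAD = {**GOOD, 2: _digest(b"fw-b-modified").hex()}

if __name__ == "__main__":
    print(compare(SAMPLE_COMID, GOOD))
    print(compare(SAMPLE_COMID, BAD))
```

The caller is responsible for pairing each eRoT's measurement set with the CoMID for that same component before calling `compare`.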