NVIDIA Device Attestation and CoRIM-based Reference Measurement Sharing v4.0
Date: 2025-12-15
ConnectX-7 Measurements

The measurement specification for all the indices listed in the tables below is: 0x01 (DMTF).

Version 1.0.0

The table below shows the measurements supported starting from firmware version 28.38.xxxx.

| Index | Measurement | Value | Description | What is measured? | Part of CoRIM? |
|---|---|---|---|---|---|
| 1 | DMTFSpecMeasurementValueType | 0x01 | Hash, mutable FW | M-0: IC Security Parameters (Fuse, Straps) | No |
| | DMTFSpecMeasurementValueSize | 64 | SHA2-512 hash | | |
| 2 | DMTFSpecMeasurementValueType | 0x01 | Hash, mutable FW | M-1: First mutable code | Yes |
| | DMTFSpecMeasurementValueSize | 64 | SHA2-512 hash | | |
| 3 | DMTFSpecMeasurementValueType | 0x01 | Hash, mutable FW | M-2: Secondary boot sequencing code | Yes |
| | DMTFSpecMeasurementValueSize | 64 | SHA2-512 hash | | |
| 4 | DMTFSpecMeasurementValueType | 0x01 | Hash, mutable FW | M-3: Runtime Code | Yes |
| | DMTFSpecMeasurementValueSize | 64 | SHA2-512 hash | | |
| 5 | DMTFSpecMeasurementValueType | 0x01 | Hash, mutable FW | M-4: Hashes manifest | Yes |
| | DMTFSpecMeasurementValueSize | 64 | SHA2-512 hash | | |

Version 1.1.0

The table below shows the measurements supported starting from the firmware releases after April 2025.

| Index | Measurement | Value | Description | What is measured? | Part of CoRIM? |
|---|---|---|---|---|---|
| 1 | DMTFSpecMeasurementValueType | 0x01 | Hash, mutable FW | M-0: IC Security Parameters (Fuse, Straps) | No |
| | DMTFSpecMeasurementValueSize | 64 | SHA2-512 hash | | |
| 2 | DMTFSpecMeasurementValueType | 0x01 | Hash, mutable FW | M-1: First mutable code | Yes |
| | DMTFSpecMeasurementValueSize | 64 | SHA2-512 hash | | |
| 3 | DMTFSpecMeasurementValueType | 0x01 | Hash, mutable FW | M-2: Secondary boot sequencing code | Yes |
| | DMTFSpecMeasurementValueSize | 64 | SHA2-512 hash | | |
| 4 | DMTFSpecMeasurementValueType | 0x01 | Hash, mutable FW | M-3: Runtime Code | Yes |
| | DMTFSpecMeasurementValueSize | 64 | SHA2-512 hash | | |
| 5 | DMTFSpecMeasurementValueType | 0x01 | Hash, mutable FW | M-4: Hashes manifest | Yes |
| | DMTFSpecMeasurementValueSize | 64 | SHA2-512 hash | | |
| 6 | DMTFSpecMeasurementValueType | 0x83 | Raw bitstream, FW Config | Measurement Block version. Interpret as Semver2.0 (https://semver.org/). Byte 3: Major Version; Byte 2-1: Minor Version; Byte 0: Patch | Yes |
| | DMTFSpecMeasurementValueSize | 4 | 4-byte unsigned Integer, little endian | | |
| 7 | DMTFSpecMeasurementValueType | 0x81 | Raw bitstream, Device Identifier | Device Identifier (DID, VID, SVID, SID) as defined by PCISIG and a vendor defined byte. Byte 1:2 - Vendor ID; Byte 3:4 - Device ID; Byte 5:6 - Subsystem Vendor ID; Byte 7:8 - Subsystem ID; Byte 9 - Vendor defined byte. All multi-byte fields are little endian (uint16_t) | Yes |
| | DMTFSpecMeasurementValueSize | 9 | Raw bitstream | | |

Version 1.2.0

The table below shows the measurements supported in future firmware releases. The first release to intercept this definition will be updated.

| Index | Measurement | Value | Description | What is measured? | Part of CoRIM? |
|---|---|---|---|---|---|
| 1 | DMTFSpecMeasurementValueType | 0x01 | Hash, mutable FW | M-0: IC Security Parameters (Fuse, Straps) | No |
| | DMTFSpecMeasurementValueSize | 64 | SHA2-512 hash | | |
| 2 | DMTFSpecMeasurementValueType | 0x01 | Hash, mutable FW | M-1: First mutable code | Yes |
| | DMTFSpecMeasurementValueSize | 64 | SHA2-512 hash | | |
| 3 | DMTFSpecMeasurementValueType | 0x01 | Hash, mutable FW | M-2: Secondary boot sequencing code | Yes |
| | DMTFSpecMeasurementValueSize | 64 | SHA2-512 hash | | |
| 4 | DMTFSpecMeasurementValueType | 0x01 | Hash, mutable FW | M-3: Runtime Code | Yes |
| | DMTFSpecMeasurementValueSize | 64 | SHA2-512 hash | | |
| 5 | DMTFSpecMeasurementValueType | 0x01 | Hash, mutable FW | M-4: Hashes manifest | Yes |
| | DMTFSpecMeasurementValueSize | 64 | SHA2-512 hash | | |
| 6 | DMTFSpecMeasurementValueType | 0x83 | Raw bitstream, FW Config | Measurement Block version. Interpret as Semver2.0 (https://semver.org/). Byte 3: Major Version; Byte 2-1: Minor Version; Byte 0: Patch | Yes |
| | DMTFSpecMeasurementValueSize | 4 | 4-byte unsigned Integer, little endian | | |
| 7 | DMTFSpecMeasurementValueType | 0x83 | Raw bitstream, FW Config | Debug tokens runtime status (32-bit): Bit 0-1: Runtime token (customer support); Bit 2-3: Debug FW Token; Bit 4-5: FRC token; ...; Bit 6-31: reserved. Each pair consists of: Bit 0: Runtime Token Applied Since Last Reset (1 bit); Bit 1: Runtime Token Currently In Use (1 bit) | Yes; the expected value is a clean state (all zero bytes) |
| | DMTFSpecMeasurementValueSize | 4 | 4-byte unsigned Integer, little endian | | |
| 8 | DMTFSpecMeasurementValueType | 0x81 | Raw bitstream, Device Identifier | Device Identifier (DID, VID, SVID, SID) as defined by PCISIG and a vendor defined byte. Byte 1:2 - Vendor ID; Byte 3:4 - Device ID; Byte 5:6 - Subsystem Vendor ID; Byte 7:8 - Subsystem ID; Byte 9 - Vendor defined byte. All multi-byte fields are little endian (uint16_t) | Yes |
| | DMTFSpecMeasurementValueSize | 9 | Raw bitstream | | |
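
A verifier-side decoder for the raw-bitstream entries in the tables above, written as an added example (it is not NVIDIA code). It assumes that byte 0 is the first byte of the measurement value and that index 6 reports the same version number as the table heading (1.1.0, 1.2.0); the function names and the sample bytes are constructed for illustration.

```python
import struct

TOKENS = ("runtime_token", "debug_fw_token", "frc_token")  # bit pairs 0-1, 2-3, 4-5

def decode_block_version(raw):
    """4-byte little-endian integer -> (major, minor, patch)."""
    if len(raw) != 4:
        raise ValueError("block version must be 4 bytes")
    (v,) = struct.unpack("<I", raw)
    return (v >> 24, (v >> 8) & 0xFFFF, v & 0xFF)  # byte 3, bytes 2-1, byte 0

def decode_device_id(raw):
    """9 bytes: VID, DID, SVID, SID as little-endian uint16, then a vendor byte."""
    if len(raw) != 9:
        raise ValueError("device identifier must be 9 bytes")
    return dict(zip(("vid", "did", "svid", "sid", "vendor_byte"), struct.unpack("<HHHHB", raw)))

def decode_debug_tokens(raw):
    """32-bit status word; the reference value is the clean state (all zero)."""
    if len(raw) != 4:
        raise ValueError("debug token status must be 4 bytes")
    (v,) = struct.unpack("<I", raw)
    out = {"clean": v == 0}
    for i, name in enumerate(TOKENS):
        pair = (v >> (2 * i)) & 0b11
        out[name] = {"applied_since_reset": bool(pair & 1), "in_use": bool(pair & 2)}
    return out

def interpret(measurements):
    """Index 7 changes meaning between 1.1.0 and 1.2.0, so read index 6 first.
    Assumption: index 6 reports the same version number as the table heading."""
    version = decode_block_version(measurements[6])
    out = {"block_version": version}
    if version >= (1, 2, 0):
        out["debug_tokens"] = decode_debug_tokens(measurements[7])
        out["device_id"] = decode_device_id(measurements[8])
    else:
        out["device_id"] = decode_device_id(measurements[7])
    return out

# Constructed sample values, not taken from a real device.
SAMPLE_V120 = {
    6: bytes.fromhex("00020001"),            # 1.2.0
    7: bytes.fromhex("04000000"),            # debug FW token applied since last reset
    8: bytes.fromhex("34127856bc9af0de01"),
}

if __name__ == "__main__":
    print(interpret(SAMPLE_V120))
```

In the sample, the debug FW token is no longer in use but was applied since the last reset, so the status word is non-zero and does not match the clean-state reference value.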
