NVIDIA Device Attestation and CoRIM-based Reference Measurement Sharing v5.0

ConnectX-9 Certificates

ConnectX-9 supports DICE attestation measurements, with its certificate chain stored in SPDM certificate slot 0. Additionally, the device allows customer certificate chains to be provisioned into other available slots.

The figure below illustrates the pre-provisioned attestation certificate chain for ConnectX-9. Certificates L1 through L3 are embedded within the device image, while certificate L4 is provisioned during manufacturing and securely stored in write-protected memory.

[Figure: ConnectX-9 pre-provisioned attestation certificate chain]

During the boot process, the ConnectX-9 hardware root of trust (HW-RoT) and secure privileged code generate additional runtime certificates, which are stored in volatile internal memory. The private key corresponding to the leaf certificate, L6, is used to sign SPDM measurements. The complete certificate chain is returned in response to the SPDM GET_CERTIFICATE command and resides in SPDM certificate slot 0.


Certificates L5 and L6 contain evidence as X.509 certificate extensions in section 2.23.133.5.4.1.1, specifically TCG_DICE_FWID-0 and TCG_DICE_FWID-1, respectively.

  • TCG_DICE_FWID-0 contains a SHA2-384 hash of the hardware configuration and the first mutable firmware code.

  • TCG_DICE_FWID-1 contains a SHA2-384 hash of the runtime firmware code.
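The following is an added example, not NVIDIA code: a verifier-side check that compares the SHA-384 FWID carried in a certificate extension against a reference measurement. It assumes the extension value follows the TCG DICE DiceTcbInfo layout, with the FWID list in field [6] as (hashAlg, digest) pairs; all function names and the sample bytes are constructed for illustration.

```python
import hashlib

SHA384_OID = bytes.fromhex("608648016503040202")  # DER body of OID 2.16.840.1.101.3.4.2.2

def read_tlv(buf, pos):
    """Decode one definite-length DER element; return (tag, value, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long-form length: low bits give the number of length bytes
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("unsupported DER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def children(value):
    # Split the body of a constructed element into (tag, value) pairs.
    out, pos = [], 0
    while pos < len(value):
        tag, val, pos = read_tlv(value, pos)
        out.append((tag, val))
    return out

def extract_fwids(tcb_info):
    """Return [(hash_alg_oid, digest)] from the fwids [6] field (assumed layout)."""
    tag, body, end = read_tlv(tcb_info, 0)
    if tag != 0x30 or end != len(tcb_info):
        raise ValueError("expected exactly one SEQUENCE")
    fwids = []
    for tag, val in children(body):
        if tag == 0xA6:  # [6] IMPLICIT SEQUENCE OF FWID; other fields are skipped
            for ftag, fval in children(val):
                parts = children(fval)
                if ftag != 0x30 or [t for t, _ in parts] != [0x06, 0x04]:
                    raise ValueError("malformed FWID entry")
                fwids.append((parts[0][1], parts[1][1]))
    return fwids

def fwid_matches(tcb_info, reference):
    """True only if a SHA-384 FWID in the evidence equals the 48-byte reference."""
    return len(reference) == 48 and (SHA384_OID, reference) in extract_fwids(tcb_info)

# Constructed sample (not device output): layer [4] = 1 and one SHA-384 FWID.
def tlv(tag, value):
    return bytes([tag, len(value)]) + value  # short-form lengths only (< 128 bytes)
REFERENCE = hashlib.sha384(b"constructed runtime firmware image").digest()
FWID = tlv(0x30, tlv(0x06, SHA384_OID) + tlv(0x04, REFERENCE))
SAMPLE_TCB_INFO = tlv(0x30, tlv(0x84, b"\x01") + tlv(0xA6, FWID))
```

The comparison is meaningful only after the slot 0 chain has been validated up to a trusted root, because the extension contents are otherwise unauthenticated.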

© Copyright 2026, NVIDIA. Last updated on Mar 5, 2026