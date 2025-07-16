eRoT Measurements
The measurements returned by each eRoT represent both the eRoT itself and the component it protects. It is important to note that updating either the eRoT firmware or the component firmware will result in changes to the measurement values reported by the eRoT.
A total of 64 measurements are returned by the eRoT. Some of these measurements are reserved, deprecated, device-specific (such as a serial number), or informational/metadata (such as the firmware build date). The reference measurements published by NVIDIA only include meaningful measurements that are not tied to a specific device instance. Measurement indexes not included in the reference should be ignored by the attestation verifier.
The "Part of Reference?" column indicates whether the CoMID contains a reference value for each measurement.
Whenever a hash value is reported in the table, the hash algorithm used is SHA-384.
Measurement indices may change over the product's lifetime with eRoT firmware updates. Any such changes are always reflected in the reference measurements provided with the release. Verifiers should not assume the structure of the measurement blocks, the number of measurements, or their internal formats. The reference measurements provided as part of the release collateral serve as the authoritative source for the measurement structure of that release. The following two sections outline the measurements mapped to Oberon release milestones and eRoT versions.
The tables below show the measurements returned by the Switch Tray with an eRoT firmware version greater than or equal to 01.04.0009.0000.
Index
What is Measured?
Part of Reference?
1
Measurement Block Format as Semver2.0.
Yes
2
Type of Component the eRoT is attached to:
"FPG" - FPGA
"BMC" - BMC
"NVS" - NVSW
"CPU" - x86 CPU
Yes
3
Reserved/Unused/Deprecated
No
4
Hash of currently executing eRoT FW.
Yes
5
Hash of eRoT FW – Active Slot
Yes
6
Hash of eRoT FW – Inactive Slot
Yes
7-8
Reserved/Unused/Deprecated
No
9
Hash of Component FW (Cached) – Active Slot
Yes
10
Hash of Component FW (Cached) – Inactive Slot
Yes
11-12
Reserved/Unused/Deprecated
No
13
Hash of eRoT OTP Configuration
Yes
14
Hash of eRoT FW Anti-Rollback Fuses
Yes
15
Hash of eRoT FW Key Revocation Fuses
Yes
16
Hash of Component FW Anti-Rollback Fuses
Yes
17
Hash of Component FW Key Revocation Fuses
Yes
18
Component Firmware Security Version Number (SVN) – Active Slot
Yes
19
Component Firmware Security Version Number (SVN) – Inactive Slot
Yes
20
Revocation Mode
Yes
21-25
Reserved/Unused/Deprecated
No
26
eRoT Serial Number
No
27
eRoT FW Image Header Hash – Active Slot
Yes
28
eRoT FW Image Header Hash – Inactive Slot
Yes
29-30
Reserved/Unused/Deprecated
No
31
Component FW – Active Slot Metadata Hash
Yes
32
Component FW – Inactive Slot Metadata Hash
Yes
33-34
Reserved/Unused/Deprecated
No
35
Component FW - Booted Instance Index
No
36
Component FW Version (as Semver2.0) – Active Slot
No
37
Component FW Version (as Semver2.0) – Inactive Slot
No
38
eRoT FW Version (as Semver2.0) – Active Slot
No
39
eRoT FW Version (as Semver2.0) – Inactive Slot
No
40
Executing eRoT FW Build Date
No
41
Component Firmware Active Slot Build Date
No
42
Component Firmware Inactive Build Date
No
43
Component Boot Status
No
44
eRoT Tray Enumeration ID
No
45
eRoT FW Configuration Strap Value
Yes
46
Hash of eRoT FW keys - Instance 0
Yes
47
Hash of eRoT FW keys - Instance 1
Yes
48
Hash of Component FW keys - Instance 0
Yes
49
Hash of Component FW keys - Instance 1
Yes
50
Debug token configuration:
Byte 35-32: reserved
Byte 31-24: device serial number
Byte 23-8: nonce
Byte 7-4: eRoT FW version
Byte 3-2: struct size
Byte 1: struct major version
Byte 0: struct minor version
No
51
Debug Token Status information:
Byte 4: bit 0 Debug token was installed
bit 1 Debug token currently installed
Byte 3-0: 32 bit integer, number of debug token installs, little endian
Yes
52-61
Reserved/Unused/Deprecated
No
62
Hash of the booted component FW.
Yes
63
Hash of the booted component FW metadata.
Yes
64
The PLDM Query Device Identifier for this eRoT. This is used to identify the CoMID against which the measurement block is to be compared.
Yes
In the table above, "Active Slot" refers to the currently booted image, while "Inactive Slot" represents the second copy of the firmware. Both the eRoT firmware and the component firmware have two slots. During an update, the Inactive Slot is overwritten as part of the update and authentication process. After a successful update and boot, the previously Inactive Slot becomes the Active Slot, and a background copy process transfers the new Active Slot firmware into the now-unused Inactive Slot. This process may take a few minutes. If measurements are collected before the background copy completes, the two slots may have different values. The reference measurements assume a stable state, where both slots are identical, once the background copy process is finished.