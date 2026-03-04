The measurements returned by each eRoT represent both the eRoT itself and the component it protects. It is important to note that updating either the eRoT firmware or the component firmware will result in changes to the measurement values reported by the eRoT.

A total of 64 measurements are returned by the eRoT. Some of these measurements are reserved, deprecated, device-specific (such as a serial number), or informational/metadata (such as the firmware build date). The reference measurements published by NVIDIA only include meaningful measurements that are not tied to a specific device instance. Measurement indexes not included in the reference should be ignored by the attestation verifier.

The "Part of Reference?" column indicates whether the CoMID contains a reference value for each measurement.

Whenever a hash value is reported in the table, the hash algorithm used is SHA-384.

Measurement indices may change over the product's lifetime with eRoT firmware updates. Any such changes are always reflected in the reference measurements provided with the release. Verifiers should not assume the structure of the measurement blocks, the number of measurements, or their internal formats. The reference measurements provided as part of the release collateral serve as the authoritative source for the measurement structure of that release. The following two sections outline the measurements mapped to Oberon release milestones and eRoT versions.

The tables below show the measurements returned by the Switch Tray with an eRoT firmware version greater than or equal to 01.04.0009.0000.

Index What is Measured? Part of Reference? 1 Measurement Block Format as Semver2.0. Yes 2 Type of Component the eRoT is attached to: "FPG" - FPGA"BMC" - BMC"NVS" - NVSW"CPU" - x86 CPU Yes 3 Reserved/Unused/Deprecated No 4 Hash of currently executing eRoT FW. Yes 5 Hash of eRoT FW – Active Slot Yes 6 Hash of eRoT FW – Inactive Slot Yes 7-8 Reserved/Unused/Deprecated No 9 Hash of Component FW (Cached) – Active Slot Yes 10 Hash of Component FW (Cached) – Inactive Slot Yes 11-12 Reserved/Unused/Deprecated No 13 Hash of eRoT OTP Configuration Yes 14 Hash of eRoT FW Anti-Rollback Fuses Yes 15 Hash of eRoT FW Key Revocation Fuses Yes 16 Hash of Component FW Anti-Rollback Fuses Yes 17 Hash of Component FW Key Revocation Fuses Yes 18 Component Firmware Security Version Number (SVN) – Active Slot Yes 19 Component Firmware Security Version Number (SVN) – Inactive Slot Yes 20 Revocation Mode Yes 21-25 Reserved/Unused/Deprecated No 26 eRoT Serial Number No 27 eRoT FW Image Header Hash – Active Slot Yes 28 eRoT FW Image Header Hash – Inactive Slot Yes 29-30 Reserved/Unused/Deprecated No 31 Component FW – Active Slot Metadata Hash Yes 32 Component FW – Inactive Slot Metadata Hash Yes 33-34 Reserved/Unused/Deprecated No 35 Component FW - Booted Instance Index No 36 Component FW Version (as Semver2.0) – Active Slot No 37 Component FW Version (as Semver2.0) – Inactive Slot No 38 eRoT FW Version (as Semver2.0) – Active Slot No 39 eRoT FW Version (as Semver2.0) – Inactive Slot No 40 Executing eRoT FW Build Date No 41 Component Firmware Active Slot Build Date No 42 Component Firmware Inactive Build Date No 43 Component Boot Status No 44 eRoT Tray Enumeration ID No 45 eRoT FW Configuration Strap Value Yes 46 Hash of eRoT FW keys - Instance 0 Yes 47 Hash of eRoT FW keys - Instance 1 Yes 48 Hash of Component FW keys - Instance 0 Yes 49 Hash of Component FW keys - Instance 1 Yes 50 Debug token configuration: Byte 35-32: reservedByte 31-24: device serial numberByte 23-8: nonceByte 7-4: eRoT FW versionByte 3-2: struct sizeByte 1: struct major versionByte 0: struct minor version No 51 Debug Token Status information: Byte 4: bit 0 Debug token was installedbit 1 Debug token currently installedByte 3-0: 32 bit integer, number of debug token installs, little endian Yes 52-61 Reserved/Unused/Deprecated No 62 Hash of the booted component FW. Yes 63 Hash of the booted component FW metadata. Yes 64 The PLDM Query Device Identifier for this eRoT. This is used to identify the CoMID against which the measurement block is to be compared. Yes

In the table above, "Active Slot" refers to the currently booted image, while "Inactive Slot" represents the second copy of the firmware. Both the eRoT firmware and the component firmware have two slots. During an update, the Inactive Slot is overwritten as part of the update and authentication process. After a successful update and boot, the previously Inactive Slot becomes the Active Slot, and a background copy process transfers the new Active Slot firmware into the now-unused Inactive Slot. This process may take a few minutes. If measurements are collected before the background copy completes, the two slots may have different values. The reference measurements assume a stable state, where both slots are identical, once the background copy process is finished.