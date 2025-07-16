Obtaining measurements involves two steps:

A central aggregator (such as a BMC) gathers measurements from one or more attesting entities. This step occurs internally within the system and is not visible to the external verifier, who interacts only with the central aggregator. The external verifier remotely retrieves the measurements from the central aggregator using a protocol.

For all eRoT and iRoT-based attesting entities on a switch tray, the protocol used to transmit measurements to a centralized point within the system is SPDM v1.1. In the SPDM protocol, the attesting entities are referred to as SPDM Responders.

On the Switch Tray, the BMC acts as the collection point for SPDM-based measurements. To retrieve the measurements from the BMC, you can use the DMTF Redfish APIs under the ComponentIntegrity schema. The BMC is equipped with a dedicated management RJ-45 Ethernet connection where the Redfish server listens for incoming connections. Authentication against the Redfish server (using standard Redfish mechanisms) is required to access the measurements.

In addition to obtaining measurements from the BMC, you can also retrieve measurements from all eRoTs through the NVUE API or the NVUE CLI.

The following diagram illustrates both attestation paths:

The BMC API uses the standard Redfish ComponentIntegrity methodology to provide measurements to the remote. ComponentIntegrity requires authentication against the Redfish server, and following authentication, is accessible at:

Collapse Source Copy Copied! /​redfish/​v1/​ComponentIntegrity Issuing a GET to this URI will provide a list of component IDs that can be targeted for attestation actions. The output is similar to the following: { "@odata.id" : "/redfish/v1/ComponentIntegrity" , "@odata.type" : "#ComponentIntegrityCollection.ComponentIntegrityCollection" , "Members" : [ { "@odata.id" : "/redfish/v1/ComponentIntegrity/MGX_ERoT_BMC_0" }, { "@odata.id" : "/redfish/v1/ComponentIntegrity/MGX_ERoT_CPU_0" }, { "@odata.id" : "/redfish/v1/ComponentIntegrity/MGX_ERoT_FPGA_0" }, { "@odata.id" : "/redfish/v1/ComponentIntegrity/MGX_ERoT_NVSwitch_0" }, { "@odata.id" : "/redfish/v1/ComponentIntegrity/MGX_ERoT_NVSwitch_1" } ], "Members@odata.count" : 5 , "Name" : "ComponentIntegrity Collection" } Each of the SPDM responders on the tray are accessible with a Redfish GET method at: /​redfish/​v1/​ComponentIntegrity/​{ComponentIntegrityId} For example, issuing a request for the BMC eRoT results in something similar to: { "@odata.id" : "/redfish/v1/ComponentIntegrity/MGX_ERoT_BMC_0" , "@odata.type" : "#ComponentIntegrity.v1_0_0.ComponentIntegrity" , "Actions" : { "#ComponentIntegrity.SPDMGetSignedMeasurements" : { "@Redfish.ActionInfo" : "/redfish/v1/ComponentIntegrity/MGX_ERoT_BMC_0/SPDMGetSignedMeasurementsActionInfo" , "target" : "/redfish/v1/ComponentIntegrity/MGX_ERoT_BMC_0/Actions/ComponentIntegrity.SPDMGetSignedMeasurements" } }, "ComponentIntegrityEnabled" : true , "ComponentIntegrityType" : "SPDM" , "ComponentIntegrityTypeVersion" : "unknown" , "Id" : "MGX_ERoT_BMC_0" , "Links" : { "ComponentsProtected" : [ { "@odata.id" : "/redfish/v1/Managers/BMC_0" } ] }, "Name" : "SPDM Integrity for MGX_ERoT_BMC_0" , "SPDM" : { "IdentityAuthentication" : { "ResponderAuthentication" : { "ComponentCertificate" : { "@odata.id" : "/redfish/v1/Chassis/MGX_ERoT_BMC_0/Certificates/CertChain" } } }, "Requester" : { "@odata.id" : "/redfish/v1/Managers/BMC_0" } }, "TargetComponentURI" : "/redfish/v1/Chassis/MGX_ERoT_BMC_0" }

The ComponentCertificate property above can be used to obtain the certificate chain matching a specific component. In general, the SPDM certificate chain of an eRoT is obtainable with a GET method to:

Copy Copied! /redfish/v1/Chassis/​{ComponentIntegrityId}/Certificates/CertChain

This will return the certificate chain provided by the eRoT via the SPDM GET_CERTIFICATE command, specifically targeting certificate slot 0, which contains the NVIDIA certificate chain.

To retrieve the measurements from a component, use the following Redfish Action URI. Issue a POST request to initiate the measurement collection:

Copy Copied! {Base URI of target}/Actions/ComponentIntegrity.SPDMGetSignedMeasurements

The parameters provided for this action are standard (please refer to the Redfish schema documentation linked at the beginning of this document) and include a nonce, a certificate slot ID, and the requested measurements. To issue this command to the Switch Tray BMC, use the following values:

nonce = Generated and supplied by the entity invoking the Redfish Action

Certificate Slot ID = 0 (Slot 0 contains the NVIDIA certificate chain)

Requested Measurements = 0xFF (requests all measurements)

Measurement collection is asynchronous. Once you submit a request for measurements to the BMC, a task is created to gather the measurements. The URL for checking the task status is included in the response to the SPDMGetSignedMeasurements Action invocation. For example:

Copy Copied! { "@odata.id" : "/redfish/v1/TaskService/Tasks/0" , "@odata.type" : "#Task.v1_4_3.Task" , "Id" : "0" , "TaskState" : "Running" , "TaskStatus" : "OK" }

In general, the URI follows this format:

Copy Copied! /redfish/v1/TaskService/Tasks/<Spawned Task ID>

Sending a GET request to this URI will provide a status update on the task. Once the task indicates completion, the attestation measurements will be available.

To retrieve the measurements, send a GET request to:

Copy Copied! /redfish/v1/ComponentIntegrity/{ComponentIntegrityID}/Actions/ComponentIntegrity.SPDMGetSignedMeasurements/data

The result is in the following format:

Copy Copied! { "HashingAlgorithm" : "TPM_ALG_SHA_384" , "SignedMeasurements" : "<Base64 Encoding of the Signed Measurement Blob>” "SigningAlgorithm" : "TPM_ALG_ECDSA_ECC_NIST_P384" , "Version" : "1.1.0" }





The eRoT SPDM attestation results can also be accessed via the NVUE API and NVUE CLI.

The CLI commands to retrieve measurements and certificates are as follows:

CLI Syntax nv show system security spdm API URI GET https://<system_hostname>/nvue_v1/system/security/spdm Parameters None Notes The result is a list of the components available for attestation. “ERoT_BMC_0”,

“ERoT_CPU_0”,

“ERoT_FPGA_0”,

“ERoT_NVSwitch_0”,

“ERoT_NVSwitch_1”

CLI Syntax nv action generate system security spdm <component_id> [optional: nonce <nonce value>] API URI POST https://<system_hostname>/nvue_v1/ system/security/spdm/<component_id> Parameters component_id The eRoT for which attestation is requested. The list of possible component IDs can be obtained by the Show Attestable Components command above. nonce An optional parameter specifying the 256-bit nonce (provided as a hexadecimal string) to be signed together with the measurements by the SPDM responder. If not provided, a nonce is generated by the BMC. Notes This command initiates a task to generate the measurements. Once the task is complete, the measurements can be collected using the "show measurements" command.

CLI Syntax nv show system security spdm <component_id> measurements [optional: -ojson] API URI GET https://<system_hostname>/nvue_v1/ system/security/spdm/<component_id>/measurements Parameters component_id The eRoT for which attestation is requested. Can be one of the following: · ERoT_BMC_0 · ERoT_CPU_0 · ERoT_FPGA_0 · ERoT_NVSwitch_0 · ERoT_NVSwitch_1 Notes If “-o json” is specified the result is similar to the Redfish output: "HashingAlgorithm": "TPM_ALG_SHA_384", "SignedMeasurements": "<Base64 Encoding of the Signed Measurement Blob>” "SigningAlgorithm": "TPM_ALG_ECDSA_ECC_NIST_P384", "Version": "1.1.0" Without “-o json” a text output will be provided, but some fields will be omitted as they cannot be displayed.

CLI Syntax nv show system security spdm <component_id> certificates [optional: -ojson] API URI GET https://<system_hostname>/nvue_v1/ system/security/spdm/<component_id>/certificates Parameters component_id The eRoT for which the certificate chain is requested. The list of possible component IDs can be obtained by the Show Certificate List command above. Notes Without “-o json” a text output will be provided, but some fields will be omitted as they cannot be displayed.

The TPM-based measurements stored in the COMex TPM can be retrieved through the NVUE APIs or the NVUE CLI. These APIs are accessible via the Switch Management Network, which consists of two dedicated RJ-45 network ports connected to the COMex CPU. TPM-based measurements are not available through the BMC.

As with retrieving SPDM measurements via the NVUE API, authentication is required to obtain TPM measurements using this method. For authentication details, refer to the NVOS User Guide.

The flow below involves encapsulating a signed TPM Quote over the REST API. In addition to the NVUE API, an admin user logged into NVOS can generate measurements using the NVUE CLI.

CLI Syntax nv action upload system security tpm <file: IAK/quotes> API URI Will be defined in NVUE user manual Parameters file IAK.crt or quotes.json - IAK certificate or the prepared quote file. Notes The result is a list of the components available to upload from the system: The IAK certificate or the quote.json file.