CoRIM Structure

NVIDIA Device Attestation and CoRIM-based Reference Measurement Sharing v1.0

A CoRIM is associated with an image release. The CoRIM contains one or more CoMIDs, with each CoMID providing reference claims for a device. 

A signed CoRIM includes a set of protected header parameters, a set of unprotected header parameters, the payload, and the COSE Single Signer (COSE-Sign1) signature. The signature covers the protected header parameters and the payload. The message structures are built on the CBOR array type.

The corim-meta-map structure identifies the entity creating and signing the CoRIM and is part of the protected header parameters. Currently, the meta map contents reflect the following:


{ "signer": { "name": "NVIDIA" } } 

At the top-level, IANA global content tags identify unsigned and signed CoRIMs. The top-level CoRIM structure is described by the following CDDL rules:


corim = #6.500 (corim-type-choice) $corim-type-choice /= #6.501 (corim-map) $corim-type-choice /= #6.502 (signed-corim) 


© Copyright 2023, NVIDIA. Last updated on Sep 5, 2023.