COSE Validation

NVIDIA Device Attestation and CoRIM-based Reference Measurement Sharing v1.0

Signed CoRIM files can be validated as follows. The CoRIM file contains the following information internally about the certificate that matches the private key that was used to generate to sign the CoRIM file:

Copy
Copied!
            

"dependent-rims": [              {                    "href": <Certificate URI>,                    "thumbprint": <Thumbprint>               }   ]

NVIDIA CoRIM PKI consists of a 3-level certificate chain: 

  • CoRIM root CA – root CA for NVIDIA CoRIMs 

  • CoRIM ConnectX-7 sub-CA – singed by the root CA and represents ConnectX-7 CoRIMs 

  • CoRIM ConnectX-7 singer - singed by the CoRIM ConnectX-7 sub-CA and signs the CoRIM itself

The CoRIM ConnectX-7 signer certificate used to sign the CoRIM itself is located and accessible from the public URL which is referenced by the CoRIM "dependent-rims" href structure. The public key in this certificate should be used to verify the CoRIM signature. The CoRIM root CA and CoRIM sub-CA certificates are publicly accessible and can be found in the following links:

© Copyright 2023, NVIDIA. Last updated on Sep 5, 2023.