Device attestation based on SPDM standard and OCP guidelines is introduced in NVIDIA BlueField-3 and ConnectX-7 using SPDM v1.1.
Attestation is a mechanism in which a host/platform automatically verifies the authenticity and integrity of the hardware and software state of a device. The mechanism is based on a HW RoT and utilizes SPDM messages that handle the attestation, measurement collection, and trust between device and platform BMC or platform RoT (usually host BMC). This provides the added value of increased security and assurance that the host/platform of device is not being tampered with and has the proper software running on it.
Measurements are shared based on the CORIM/COMID model. More details are provided further down in the document.
The reference manifest consists of a top-level structure containing either a signed CoRIM or an unsigned CoRIM. A CoRIM is comprised of one or more CoMIDs, with each CoMID providing the reference claims about hardware and firmware for a device. The CoRIM and CoMIDs are encoded in CBOR format. Signed CoRIMs use COSE signatures.