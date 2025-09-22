NVIDIA NVOS User Manual for NVLink Switches v25.02.4282
SPDM Commands

nv show system security spdm

Show list of component integrity ERoT in the BMC, with their measurements if present and certificate-chains.

Syntax Description

N/A

Default

N/A

History

25.02.1884

25.02.4253 Updated command output

Example

admin@nvos:~$ nv show system security spdm
Component        Id         HashingAlgorithm
---------------  ---------  ----------------
ERoT_BMC_0       CertChain  TPM_ALG_SHA_384 
ERoT_CPU_0       CertChain  TPM_ALG_SHA_384 
ERoT_FPGA_0      CertChain  TPM_ALG_SHA_384 
ERoT_NVSwitch_0  CertChain  TPM_ALG_SHA_384 
ERoT_NVSwitch_1  CertChain  TPM_ALG_SHA_384

admin@nvos:~$ nv show system security spdm ERoT_BMC_0
 
                    operational    
------------------  ---------------
measurements                       
  HashingAlgorithm  TPM_ALG_SHA_384
certificates                       
  Id                CertChain

REST API

GET https://<ip>/nvue_v1/system/security/spdm

Related Commands

nv action generate system security spdm

nv show system security spdm [component] measurements

nv show system security spdm [component] certificates

Notes

The output differs between JSON and regular "nv show" formats. The regular display will only show a list of ERoT and only if the relevant fields are present. In contrast, the JSON output is much longer, comprising five ERoT responses.

In th output, when the name of the component is listed, the possible outcomes are as follows: (enum:ERoT_BMC_0, ERoT_CPU_0, ERoT_FPGA_0, ERoT_NVSwitch_0, ERoT_NVSwitch_1)

nv show system security spdm certificates

Shows certificate-chain of component integrity ERoT in the BMC.

Syntax Description

N/A

Default

N/A

History

25.02.1884

Example

admin@nvos:~$ nv show system security spdm ERoT_BMC_0 certificates
 
    operational
--  -----------
Id  CertChain 
 
admin@nvos:~$ nv show sys sec spdm ERoT_CPU_0 certificates -o json
{
  "CertificateString": "-----BEGIN CERTIFICATE-----\n…AX\n-----END CERTIFICATE-----\n",
  "CertificateType": "PEMchain",
  "CertificateUsageTypes": [
    "Device"
  ],
  "Id": "CertChain",
  "Name": "MGX_ERoT_CPU_0 Certificate Chain",
  "SPDM": {
    "SlotId": 0
  }
}

REST API

GET https://<ip>/nvue_v1/system/security/spdm/ERoT_BMC_0/ certificates

Related Commands

nv action generate system security spdm

nv show system security spdm [component] measurements

nv show system security spdm

Notes

The output differs between JSON and regular "nv show" formats. The regular display will only show a list of ERoT and only if the relevant fields are present.

nv show system security spdm measurements

Shows certificate-chain of component integrity ERoT in the BMC.

Syntax Description

N/A

Default

N/A

History

25.02.1884

Example
admin@nvos:~$ nv show system security spdm ERoT_BMC_0 certificates
 
operational
------------------  -----------
measurements                  
  HashingAlgorithm  None      
 
 
nv show sys sec spdm ERoT_CPU_0 measurements -ojson
 {
      "HashingAlgorithm": "None",
      "SignedMeasurements": "",
      "SigningAlgorithm": "None",
      "Version": "unknown"
    }

REST API

GET https://<ip>/nvue_v1/system/security/spdm/ERoT_BMC_0/ measurements

Related Commands

nv action generate system security spdm

nv show system security spdm certificates

nv show system security spdm

Notes

Result differs on Json and nv show format – regular show will show only list of ERoT and if fields are present

nv action generate system security spdm

Generate measurements on BMC.

Syntax Description

nonce

64 char hex string

Default

N/A

History

25.02.1884

Example
admin@nvos:~$ nv action generate system security spdm ERoT_BMC_0
Action executing ...
Action succeeded

REST API

POST https://<ip>/nvue_v1/system/security/spdm/{component-id}

Related Commands

nv show system security spdm

nv show system security spdm [component] measurements

nv show system security spdm [component] certificates

Notes
