# NVIDIA Attestation SDK
The Attestation SDK offers developers easy-to-use APIs for implementing attestation capabilities into their Python applications. With this SDK, you can seamlessly integrate secure and reliable attestation services into your software, thereby ensuring the authenticity, integrity, and trustworthiness of your system.

- [NVIDIA Attestation SDK](#nvidia-attestation-sdk)
  - [Features](#features)
  - [Install Attestation SDK](#install-attestation-sdk)
    - [From Source](#from-source)
    - [From PyPI](#from-pypi)
    - [Troubleshooting Installation Issues](#troubleshooting-installation-issues)
  - [GPU Attestation](#gpu-attestation)
    - [Pre-requisites](#pre-requisites)
    - [How to do Attestation](#how-to-do-attestation)
  - [Switch Attestation](#switch-attestation)
    - [Pre-requisites](#pre-requisites-1)
    - [How to do Attestation](#how-to-do-attestation-1)
  - [Claims and Troubleshooting information](#claims-and-troubleshooting-information)
  - [Policy File](#policy-file)
  - [Building Attestation SDK](#building-attestation-sdk)
  - [Attestation SDK APIs](#attestation-sdk-apis)
  - [Note](#note)

## Features
- Local GPU Attestation (using NVIDIA NVML based Python libraries)
- Remote GPU Attestation (using NVIDIA Remote Attestation Service)
- Local Switch Attestation (using NVIDIA NSCQ based Python libraries)
- Remote Switch Attestation (using NVIDIA Remote Attestation Service)
## Install Attestation SDK
Before installation, please review the [Compatibility Matrix](#compatibility-matrix) to determine the correct version of nvTrust and driver to install.
### From Source
If you choose to install the Attestation SDK from the source code, use the following commands:

    cd attestation_sdk
    pip3 install .

### From PyPI
If you choose to install the Attestation SDK directly from PyPI, use the following commands (requires virtual environment creation):

    python3 -m venv venv
    source venv/bin/activate
    pip3 install nv-attestation-sdk

### Troubleshooting Installation Issues
If you encounter a warning or installation issue similar to the following while installing the package:

`WARNING: Ignoring invalid distribution ~v-attestation-sdk <site-package-directory>`

Please execute the following command to clean up packages that were not installed properly, and then retry the installation:

    rm -rf <site-packages-directory>/~*

## GPU Attestation
### Pre-requisites
1. Create a Confidential Virtual Machine with the following specifications:
   - NVIDIA Hopper H100 (or later) GPU that supports CC
   - NVIDIA GPU Driver with CC / PPCIE support.
   - GPU SKU that supports Confidential Computing.

2. Install Python 3.8 or later.

3. Follow the instructions in nvTrust/guest_tools/local_gpu_verifier/README.md to install the NVIDIA GPU Local Verifier Python SDK. (Required for source code installation only)

4. Run the following command and ensure that you have the 'nv-local-gpu-verifier' Python module installed.
   ```
   pip list | grep nv-local-gpu-verifier
   nv-local-gpu-verifier 1.5.0
   ```

### How to do Attestation
- Local GPU Attestation

  Refer to the [sample implementation](https://github.com/NVIDIA/nvtrust/blob/main/guest_tools/attestation_sdk/tests/LocalGPUTest.py)

- Remote GPU Attestation

  Refer to the [sample implementation](https://github.com/NVIDIA/nvtrust/blob/main/guest_tools/attestation_sdk/tests/RemoteGPUTest.py)

## Switch Attestation
### Pre-requisites
1. Create a Confidential Virtual Machine with multiple GPUs connected by nvSwitch with the following specifications:
   - LS10 Switch supporting PPCIE mode
   - NvSwitch Driver with PPCIE support.
   - GPU SKU that supports Confidential Computing.

2. Unlike GPU Verifier, Switch Verifier comes pre-installed with Attestation SDK.

### How to do Attestation
- Local nvSwitch Attestation

  Refer to the [sample implementation](tests/LocalSwitchTest.py)

- Remote nvSwitch Attestation

  Refer to the [sample implementation](tests/RemoteSwitchTest_v3.py)

## Claims and Troubleshooting information
For local and remote verifier claims information for NVIDIA GPUs, switches, and related troubleshooting information, please refer to the [Attestation Troubleshooting documentation](../attestation_troubleshooting_guide.md).
## Policy File
You can find a sample Attestation Result policy file for Local and Remote Attestation [here](tests/policies/).
Please note that the Schema/EAT claim information is subject to change in future releases.
## Building Attestation SDK

    python3 -m pip install --upgrade build
    python3 -m build

## Compatibility Matrix
SDK version | NRAS API Version | Claims Version
--------------- |-----------------|----------------
v1.1.0 | v1 | N/A
v1.2.0 | v1 | N/A
v1.3.0 | v1 | N/A
v1.4.0 | v1 | N/A
v1.5.0 | v2 | N/A
v2.0.0 | v3 | 2.0
v2.1.0 | v3 | 2.0
v2.1.1 | v3 | 2.0
v2.1.2 | v3 | 2.0
v2.1.3 | v3 | 2.0
More information on claims can be found [here](https://github.com/NVIDIA/nvtrust/blob/main/guest_tools/attestation_troubleshooting_guide.md)
## Attestation SDK APIs
**from nv_attestation_sdk import attestation**

| API | Description |
|---------------------------------------------------------------------------------------------------------------------------------|---------------------------------------------------------------------------------------------------------------------------------------|
| Attestation(<-name->) | Create a new Attestation Object used to call other Attestation methods. |
| set_name(<-name->) | Set a name for the Attestation SDK client |
| set_nonce(<-nonce->) | Set a nonce for Attestation |
| add_verifier(<-attestation-device-type->, <-local/remote->, <-remote-attestation-service-url->, <-attestation-results-policy->) | Add a specific type of verifier for the client object. The verifier will be invoked during the attest operation |
| get_verifiers() | Retrieves the list of verifiers added to the client object. |
| get_evidence() | Retrieves the list of evidence based on the attestation device (e.g., GPU, switch) and the type of attestation (e.g., local, remote). |
| attest() | Trigger the Attestation for the client object. This uses the Attestation type configured in the add_verifier method |
| get_token() | Retrieves the Attestation token that contains claims corresponding to the Attestation result. |
| validate_token(<-attestation-results-policy->) | Validate the Attestation Claims against a policy |
| decode_token(<-jwt-token->) | Decodes the JWT token to claims received by the verifier |
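
Added example (not part of the SDK or of the original README): a relying-party helper that issues the value passed to `set_nonce()` and then checks claims obtained from `decode_token()` for freshness and for the overall verdict, failing closed. The claim names `eat_nonce` and `x-nvidia-overall-att-result`, the dict shape of the decoded claims, and the `NonceLedger` class are assumptions; adjust them to the claims version in use.

```python
import secrets
import time

# Assumed claim names (not listed on this page): the EAT nonce claim and the
# claim assumed to carry the verifier's overall attestation verdict.
NONCE_CLAIM = "eat_nonce"
RESULT_CLAIM = "x-nvidia-overall-att-result"


class NonceLedger:
    """Hypothetical helper: issues single-use nonces with a time limit."""

    def __init__(self, ttl_seconds=300, clock=time.monotonic):
        self._ttl = ttl_seconds
        self._clock = clock
        self._issued = {}  # nonce (lowercase hex) -> expiry time

    def issue(self):
        """Return a fresh 32-byte hex nonce to hand to set_nonce()."""
        nonce = secrets.token_hex(32)
        self._issued[nonce] = self._clock() + self._ttl
        return nonce

    def verify(self, claims):
        """Check decoded claims; return failure reasons (empty list = accept)."""
        failures = []
        got = claims.get(NONCE_CLAIM)
        # pop() consumes the nonce, so a replayed token fails on second use.
        deadline = None
        if isinstance(got, str):
            deadline = self._issued.pop(got.lower(), None)
        if deadline is None:
            failures.append("nonce missing, unknown or already used")
        elif self._clock() > deadline:
            failures.append("nonce expired")
        # Require the boolean True: a missing claim or the string "true" fails.
        if claims.get(RESULT_CLAIM) is not True:
            failures.append("overall attestation result is not the boolean true")
        return failures
```

Run `verify()` only on claims from a token whose signature has already been validated; the ledger checks freshness, not authenticity.
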
## Attestation SDK configuration
The following configuration can be set using environment variables in the console:

| Configuration | Values | Explanation |
|---------------|--------|-------------|
| NV_ALLOW_HOLD_CERT | true/false | Enable attestation if the OCSP revocation status of the certificate in the RIM files is 'certificate_hold'. Defaults to false. |

## Note
Please note that starting from nvTrust v1.5.0, the NRAS v1 API and Relying Party Policy version 1.0 have been deprecated. Additionally, installation via wheel files will no longer be supported from v1.5.0 onward.
Raw data
{
"_id": null,
"home_page": null,
"name": "nv-attestation-sdk",
"maintainer": null,
"docs_url": null,
"requires_python": ">=3.7",
"maintainer_email": null,
"keywords": "confidential-computing, local-gpu-verifier, attestation, NVIDIA",
"author": "Karthik Jayaraman",
"author_email": "kjayaraman@nvidia.com",
"download_url": null,
"platform": null,
"bugtrack_url": null,
"license": null,
"summary": "The Attestation SDK provides developers with a easy to use APIs for implementing attestation capabilities into their applications.",
"version": "2.1.3",
"project_urls": null,
"split_keywords": [
"confidential-computing",
" local-gpu-verifier",
" attestation",
" nvidia"
],
"urls": [
{
"comment_text": "",
"digests": {
"blake2b_256": "6a41d1f25b4d67c5b9cba0bc5a22b60d558ad50833cecc666eca6ad6977badea",
"md5": "b2e6a60434389ae715fb1f2be2d9aba5",
"sha256": "a47e2b4e03bd931b755afe970f308f1ec568c3eb048d915424bd70063f0a7e26"
},
"downloads": -1,
"filename": "nv_attestation_sdk-2.1.3-py3-none-any.whl",
"has_sig": false,
"md5_digest": "b2e6a60434389ae715fb1f2be2d9aba5",
"packagetype": "bdist_wheel",
"python_version": "py3",
"requires_python": ">=3.7",
"size": 93425,
"upload_time": "2024-12-07T19:44:16",
"upload_time_iso_8601": "2024-12-07T19:44:16.235277Z",
"url": "https://files.pythonhosted.org/packages/6a/41/d1f25b4d67c5b9cba0bc5a22b60d558ad50833cecc666eca6ad6977badea/nv_attestation_sdk-2.1.3-py3-none-any.whl",
"yanked": false,
"yanked_reason": null
}
],
"upload_time": "2024-12-07 19:44:16",
"github": false,
"gitlab": false,
"bitbucket": false,
"codeberg": false,
"lcname": "nv-attestation-sdk"
}