Hello,
I attempted NVIDIA Confidential Computing (NCC) attestation on an H200 GPU running on a bare-metal cloud instance, but it failed as shown below.
python3 LocalGPUTest.py
/home/tdx/nvtrust/guest_tools/attestation_sdk/tests/end_to_end/hardware/sample/LocalGPUTest.py:11: DeprecationWarning: nv-attestation-sdk is deprecated and will reach end of support on September 15, 2026. Please migrate to the C++ SDK: https://github.com/NVIDIA/attestation-sdk. Migration guide: https://docs.nvidia.com/attestation/attestation-client-tools-sdk/latest/migration_guide.html
client = attestation.Attestation()
[LocalGPUTest] node name : thisNode1
[['LOCAL_GPU_CLAIMS', <Devices.GPU: 2>, <Environment.LOCAL: 2>, '', '', '', 'https://ocsp.ndis.nvidia.com/', 'https://rim.attestation.nvidia.com/v1/rim/']]
[LocalGPUTest] call get_evidence()
Nonce generated: 931d8dd0add203ac3d8b4fbde75e115278eefcdceac5b87671a748f32364dfcb
Number of GPUs available : 1
Fetching GPU 0 information from GPU driver.
All GPU Evidences fetched successfully
[LocalGPUTest] call attest() - expecting True
-----------------------------------
Verifying GPU: GPU-285d37e5-51c1-af10-bcd9-ad1d99a34f40
Driver version fetched : 595.58.03
VBIOS version fetched : 96.00.da.00.16
Validating GPU certificate chains.
The firmware ID in the device certificate chain is matching with the one in the attestation report.
GPU attestation report certificate chain validation successful.
The certificate chain revocation status verification successful.
Authenticating attestation report
The nonce in the SPDM GET MEASUREMENT request message is matching with the generated nonce.
Driver version fetched from the attestation report : 595.58.03
VBIOS version fetched from the attestation report : 96.00.da.00.16
Attestation report signature verification successful.
Attestation report verification successful.
Authenticating the RIMs.
Authenticating Driver RIM
Fetching the driver RIM from the RIM service.
RIM Schema validation passed.
driver RIM certificate chain verification successful.
The certificate chain revocation status verification successful.
driver RIM signature verification successful.
Driver RIM verification successful
Authenticating VBIOS RIM.
Fetching the VBIOS RIM from the RIM service.
Could not fetch RIM file from RIM service with id : NV_GPU_VBIOS_G520_0282_895_9600DA0016
Error occurred while fetching the vbios RIM from the RIM service due to Unable to fetch RIM file from RIM service: NV_GPU_VBIOS_G520_0282_895_9600DA0016
Unable to fetch vbios RIM from RIM service: NV_GPU_VBIOS_G520_0282_895_9600DA0016
GPU Attestation failed.
[LocalGPUTest] call attest() - result : False
[LocalGPUTest] token : [["JWT", "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJOVi1BdHRlc3RhdGlvbi1TREsiLCJpYXQiOjE3NzYxNjExNTcsImV4cCI6MTc3NjE2NDc1NywibmJmIjoxNzc2MTYxMDM3LCJqdGkiOiI2OGRiNTc2OS1lYzMwLTQwNzYtOGJkOS1kYjk3MTk0OGM5ZGIifQ.B-oQ2T0w2XnfGYywEjFPQIU2MUHBzbNeIt19okMHxeA"], {"LOCAL_GPU_CLAIMS": [["JWT", "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJOVklESUEtUExBVEZPUk0tQVRURVNUQVRJT04iLCJuYmYiOjE3NzYxNjEwMzcsImV4cCI6MTc3NjE2NDc1NywiaWF0IjoxNzc2MTYxMTU3LCJqdGkiOiIyNTI3NjAyMi00Y2RhLTQwZWYtOGIxOS0wNGJlZWI0MWU1ZTYiLCJ4LW52aWRpYS12ZXIiOiIzLjAiLCJpc3MiOiJMT0NBTF9HUFVfVkVSSUZJRVIiLCJ4LW52aWRpYS1vdmVyYWxsLWF0dC1yZXN1bHQiOmZhbHNlLCJzdWJtb2RzIjp7IkdQVS0wIjpbIkRJR0VTVCIsWyJTSEEyNTYiLCI3ZTIzMmVkOWJmMzQ5ZmQ3MDE1YTQ2NDRkMDNkNGFmNWZlYTE5ZWM3MWVhOGI5ODQyMDE2NjY1YmY2MjM4NmQ4Il1dfSwiZWF0X25vbmNlIjoiOTMxZDhkZDBhZGQyMDNhYzNkOGI0ZmJkZTc1ZTExNTI3OGVlZmNkY2VhYzViODc2NzFhNzQ4ZjMyMzY0ZGZjYiJ9.tfKSCjDZ_gPqH_WMokDtZi6gG-qGcKiLHnNd21ch07k"], {"GPU-0": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJtZWFzcmVzIjpudWxsLCJ4LW52aWRpYS1ncHUtYXJjaC1jaGVjayI6dHJ1ZSwieC1udmlkaWEtZ3B1LWRyaXZlci12ZXJzaW9uIjoiNTk1LjU4LjAzIiwieC1udmlkaWEtZ3B1LXZiaW9zLXZlcnNpb24iOiI5Ni4wMC5EQS4wMC4xNiIsIngtbnZpZGlhLWdwdS1hdHRlc3RhdGlvbi1yZXBvcnQtY2VydC1jaGFpbiI6eyJ4LW52aWRpYS1jZXJ0LWV4cGlyYXRpb24tZGF0ZSI6Ijk5OTktMTItMzFUMjM6NTk6NTkiLCJ4LW52aWRpYS1jZXJ0LXN0YXR1cyI6InZhbGlkIiwieC1udmlkaWEtY2VydC1vY3NwLXN0YXR1cyI6Imdvb2QiLCJ4LW52aWRpYS1jZXJ0LXJldm9jYXRpb24tcmVhc29uIjpudWxsfSwieC1udmlkaWEtZ3B1LWF0dGVzdGF0aW9uLXJlcG9ydC1jZXJ0LWNoYWluLWZ3aWQtbWF0Y2giOnRydWUsIngtbnZpZGlhLWdwdS1hdHRlc3RhdGlvbi1yZXBvcnQtcGFyc2VkIjp0cnVlLCJ4LW52aWRpYS1ncHUtYXR0ZXN0YXRpb24tcmVwb3J0LW5vbmNlLW1hdGNoIjp0cnVlLCJ4LW52aWRpYS1ncHUtYXR0ZXN0YXRpb24tcmVwb3J0LXNpZ25hdHVyZS12ZXJpZmllZCI6dHJ1ZSwieC1udmlkaWEtZ3B1LWRyaXZlci1yaW0tZmV0Y2hlZCI6dHJ1ZSwieC1udmlkaWEtZ3B1LWRyaXZlci1yaW0tc2NoZW1hLXZhbGlkYXRlZCI6dHJ1ZSwieC1udmlkaWEtZ3B1LWRyaXZlci1yaW0tY2VydC1jaGFpbiI6eyJ4LW52aWRpYS1jZXJ0LWV4cGlyYXRpb24tZGF0ZSI6IjIwMjgtMDMtMTZUMTg6NTk6NDEiLCJ4LW52aWRpYS1jZXJ0LXN0YXR1cyI6InZhbGlkIiwieC1udmlkaWEtY2VydC1vY3NwLXN0YXR1cyI6Imdvb2QiLCJ4LW52aWRpYS1jZXJ0LXJldm9jYXRpb24tcmVhc29uIjpudWxsfSwieC1udmlkaWEtZ3B1LWRyaXZlci1yaW0tc2lnbmF0dXJlLXZlcmlmaWVkIjp0cnVlLCJ4LW52aWRpYS1ncHUtZHJpdmVyLXJpbS12ZXJzaW9uLW1hdGNoIjp0cnVlLCJ4LW52aWRpYS1ncHUtZHJpdmVyLXJpbS1tZWFzdXJlbWVudHMtYXZhaWxhYmxlIjp0cnVlLCJ4LW52aWRpYS1ncHUtdmJpb3MtcmltLWZldGNoZWQiOm51bGwsIngtbnZpZGlhLWdwdS12Ymlvcy1yaW0tc2NoZW1hLXZhbGlkYXRlZCI6bnVsbCwieC1udmlkaWEtZ3B1LXZiaW9zLXJpbS1jZXJ0LWNoYWluIjp7IngtbnZpZGlhLWNlcnQtZXhwaXJhdGlvbi1kYXRlIjpudWxsLCJ4LW52aWRpYS1jZXJ0LXN0YXR1cyI6bnVsbCwieC1udmlkaWEtY2VydC1vY3NwLXN0YXR1cyI6bnVsbCwieC1udmlkaWEtY2VydC1yZXZvY2F0aW9uLXJlYXNvbiI6bnVsbH0sIngtbnZpZGlhLWdwdS12Ymlvcy1yaW0tdmVyc2lvbi1tYXRjaCI6bnVsbCwieC1udmlkaWEtZ3B1LXZiaW9zLXJpbS1zaWduYXR1cmUtdmVyaWZpZWQiOm51bGwsIngtbnZpZGlhLWdwdS12Ymlvcy1yaW0tbWVhc3VyZW1lbnRzLWF2YWlsYWJsZSI6bnVsbCwieC1udmlkaWEtZ3B1LXZiaW9zLWluZGV4LW5vLWNvbmZsaWN0IjpudWxsLCJlYXRfbm9uY2UiOiI5MzFkOGRkMGFkZDIwM2FjM2Q4YjRmYmRlNzVlMTE1Mjc4ZWVmY2RjZWFjNWI4NzY3MWE3NDhmMzIzNjRkZmNiIiwiaHdtb2RlbCI6IkdIMTAwIEEwMSBHU1AgQlJPTSIsInVlaWQiOiI1MzE2NTk1Njk3MTY4MTQzMDMxMDE0MjYxMDUyNTYwNDcyNTE0MTkwODY3NDMyNjIiLCJvZW1pZCI6IjU3MDMiLCJpc3MiOiJMT0NBTF9HUFVfVkVSSUZJRVIiLCJuYmYiOjE3NzYxNjEwMzcsImV4cCI6MTc3NjE2NDc1NywiaWF0IjoxNzc2MTYxMTU3LCJqdGkiOiIzOWM0NTUwZi05MWY2LTQxY2YtYmRjYy01NTBhODI4OTMzYjAifQ.JTyKGLioPZe-V2vzaLhI3CAWZ5B3cOaEKJvAV2QgBjk"}]}]
[LocalGPUTest] call validate_token() - expecting True
[ERROR] Invalid token. Authorized claims does not match the appraisal policy: x-nvidia-overall-att-result
[LocalGPUTest] call validate_token() - result: False
Looking at the output, it appears that the RIM for the VBIOS version (96.00.da.00.16) does not exist on the RIM service.
I am aware that similar issues have been reported previously. In particular, Issue #101 indicated that the VBIOS version in question was not supported for NCC, so I asked our cloud vendor to update the GPU firmware accordingly. However, the attestation is still failing as shown above.
I can also confirm via curl that the RIM is indeed missing from the service:
$ curl https://rim.attestation.nvidia.com/v1/rim/NV_GPU_VBIOS_G520_0282_895_9600DA0016
{"message":"RIM_NOT_FOUND","request_id":"11eace80-d846-4158-ad1c-cf68ef0d8044"}
It is unclear to me whether there is something we need to fix on our end, or whether the corresponding RIM needs to be registered on the RIM service side. Any guidance on how to resolve this would be greatly appreciated.
As the time I have to use this machine is limited, please let me know as soon as possible if there is any additional information you would like me to show you.
Environment:
- GPU: H200
- VBIOS version: 96.00.da.00.16
- Driver version: 595.58.03
- GPU UUID: GPU-285d37e5-51c1-af10-bcd9-ad1d99a34f40
- Missing RIM ID: NV_GPU_VBIOS_G520_0282_895_9600DA0016
Hello,
I attempted NVIDIA Confidential Computing (NCC) attestation on an H200 GPU running on a bare-metal cloud instance, but it failed as shown below.
Looking at the output, it appears that the RIM for the VBIOS version (96.00.da.00.16) does not exist on the RIM service.
I am aware that similar issues have been reported previously. In particular, Issue #101 indicated that the VBIOS version in question was not supported for NCC, so I asked our cloud vendor to update the GPU firmware accordingly. However, the attestation is still failing as shown above.
I can also confirm via curl that the RIM is indeed missing from the service:
It is unclear to me whether there is something we need to fix on our end, or whether the corresponding RIM needs to be registered on the RIM service side. Any guidance on how to resolve this would be greatly appreciated.
As the time I have to use this machine is limited, please let me know as soon as possible if there is any additional information you would like me to show you.
Environment: