The Attestation SDK provides developers with a easy to use APIs for implementing attestation capabilities into their applications.
The Attestation SDK offers developers easy-to-use APIs for implementing attestation capabilities into their Python applications. With this SDK, you can seamlessly integrate secure and reliable attestation services into your software, thereby ensuring the authenticity, integrity, and trustworthiness of your system.
Before installation, please review the Compatibility Matrix to determine the correct version of nvTrust and driver to install.
If you choose to install the Attestation SDK from the source code, use the following commands:
cd attestation_sdk
pip3 install .
If you choose to install the Attestation SDK directly from PyPI, use the following commands (requires virtual environment creation):
python3 -m venv venv
source venv/bin/activate
pip3 install nv-attestation-sdk
If you encounter warning and installation issues similar to the below while installing the package:
WARNING: Ignoring invalid distribution ~v-attestation-sdk <site-package-directory>
Please execute the following commands to clean up packages that were not installed properly and then re-try the installation:
rm -rf $(ls -l <site-packages-directory> | grep '~' | awk '{print $9}')
Create a Confidential Virtual Machine with the following specifications:
Install Python 3.8 or later.
Follow the instructions in nvTrust/guest_tools/local_gpu_verifier/README.md to install the NVIDIA GPU Local Verifier Python SDK. (Required for source code installation only)
Run the following command and ensure that you have the 'nv-local-gpu-verifier' Python module installed.
pip list | grep nv-local-gpu-verifier
nv-local-gpu-verifier 1.5.0
Local GPU Attestation
Refer to the sample implementation
Remote GPU Attestation
Refer to the sample implementation
Create a Confidential Virtual Machine with multiple GPUs connected by nvSwitch with the following specifications:
Unlike GPU Verifier, Switch Verifier comes pre-installed with Attestation SDK.
Local nvSwitch Attestation
Refer to the sample implementation
Remote nvSwitch Attestation
Refer to the sample implementation
For local and remote verifier claims information for NVIDIA GPUs, switches, and related troubleshooting information, please refer to the Attestation Troubleshooting documentation.
You can find a sample Attestation Result policy file for Local and Remote Attestation here. Please note that the Schema/EAT claim information is subject to change in future releases.
python3 -m pip install --upgrade build
python3 -m build
| SDK version | NRAS API Version | Claims Version |
|---|---|---|
| v1.1.0 | v1 | N/A |
| v1.2.0 | v1 | N/A |
| v1.3.0 | v1 | N/A |
| v1.4.0 | v1 | N/A |
| v1.5.0 | v2 | N/A |
| v2.0.0 | v3 | 2.0 |
| v2.1.0 | v3 | 2.0 |
| v2.1.1 | v3 | 2.0 |
| v2.1.2 | v3 | 2.0 |
| v2.1.3 | v3 | 2.0 |
More information on claims can be found here
nv_attestation_sdk import attestation
| API | Description |
|---|---|
| Attestation(<-name->) | Create a new Attestation Object used to call other Attestation methods. |
| set_name(<-name->) | Set a name for the Attestation SDK client |
| set_nonce(<-nonce->) | Set a nonce for Attestation |
| add_verifier(<-attestation-device-type->, <-local/remote->, <-remote-attestation-service-url->, <-attestation-results-policy->) | Add a specific type of verifier for the client object. The verifier will be invoked during the attest operation |
| get_verifiers() | Retrieves the list of verifiers added to the client object. |
| get_evidence() | Retrieves the list of evidence based on the attestation device (e.g., GPU, switch) and the type of attestation (e.g., local, remote). |
| attest() | Trigger the Attestation for the client object, This uses the Attestation type configured in the add_verifier method |
| get_token() | Retrieves the Attestation token that contains claims corresponding to the Attestation result. |
| validate_token(<-attestation-results-policy->) | Validate the Attestation Claims against a policy |
| decode_token(<-jwt-token->) | Decodes the JWT token to claims received by the verifier |
The below configuration can be set using environment variables in the console
| Configuration | Values | Explanation |
|---|---|---|
| NV_ALLOW_HOLD_CERT | true/false | Enable attestation if the OCSP revocation status of the certificate in the RIM files is 'certificate_hold'. Defaults to false.' |
Please note that starting from nvTrust v1.5.0, the NRAS v1 API and Relying Party Policy version 1.0 have been deprecated. Additionally, installation via wheel files will no longer be supported from v1.5.0 onward.
FAQs
The Attestation SDK provides developers with a easy to use APIs for implementing attestation capabilities into their applications.
We found that nv-attestation-sdk demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Create React App is officially deprecated due to React 19 issues and lack of maintenance—developers should switch to Vite or other modern alternatives.
Security News
Oracle seeks to dismiss fraud claims in the JavaScript trademark dispute, delaying the case and avoiding questions about its right to the name.
Security News
The Linux Foundation is warning open source developers that compliance with global sanctions is mandatory, highlighting legal risks and restrictions on contributions.