Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add NVIDIA GPU local and remote attestation #550

Open
2 tasks
zvonkok opened this issue Apr 25, 2024 · 4 comments
Open
2 tasks

Add NVIDIA GPU local and remote attestation #550

zvonkok opened this issue Apr 25, 2024 · 4 comments

Comments

@zvonkok
Copy link
Member

zvonkok commented Apr 25, 2024

Using this issue to track the attestation changes for supporting NVIDIA GPUs with our attestation_sdk: https://github.com/NVIDIA/nvtrust, lets start with the obvious:

  • Attester
  • Verifer

There are more things to come, maybe a KMS backend as well.

@imlk0
Copy link
Contributor

imlk0 commented Apr 25, 2024

Hi @zvonkok, it's a nice work. I'm curious if this will mean implementing a new Attester in AA crate and a new Verifier in AS crate? Also, I'm wondering if it will use something like nvml-wrapper under the hood or just use ffi to call the attestation_sdk python library?

@zvonkok
Copy link
Member Author

zvonkok commented Apr 25, 2024

@imlk0 Yes new Attester in AA create and a new Verifier in AS crate. No not using nvml-wrapper this is just a small part of the attestation_sdk. I would need to implement a ton of things to make this work just by using nvml-wrapper.
As a start to see something working maybe just calling an binary (PyInstaller).
We can see from there if we need attestation_sdk updates or FFI lets see but I hope to get enough reviews to move this in the right direction.

@imlk0
Copy link
Contributor

imlk0 commented Apr 25, 2024

@imlk0 Yes new Attester in AA create and a new Verifier in AS crate. No not using nvml-wrapper this is just a small part of the attestation_sdk. I would need to implement a ton of things to make this work just by using nvml-wrapper. As a start to see something working maybe just calling an binary (PyInstaller). We can see from there if we need attestation_sdk updates or FFI lets see but I hope to get enough reviews to move this in the right direction.

Thanks for your reply.

@1570005763
Copy link
Contributor

Great proposal! I'm curious about the part regarding KMS.
Could you perhaps share the needs for KMS in NVIDIA GPU remote attestation? Currently, CDH has a dedicated KMS plugin interface, which can interface with various KMS. Do you think this feature might be applicable or beneficial in your work?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

3 participants