feat(attestation-api): expose GPU attestation through HTTP API #44
Draft
AmeanAsad wants to merge 2 commits into
Wires the NVIDIA GPU attestation primitives from the attestation crate
into the REST service so a single client can drive the full
attest+verify flow over HTTP.
- /attest accepts `nvidia_gpu: true` (requires the new
nvidia-gpu-attest feature) and returns a top-level `nvidia_gpu`
bundle alongside the CPU evidence
- /verify accepts the same `nvidia_gpu` field plus
`nvidia_gpu_user_nonce` / `nvidia_gpu_required` /
`nvidia_gpu_expected_archs` params and surfaces the verified GPU
claims under `result.claims.nvidia_gpu`
The verifier is wired with a new CachedNrasProvider that shares the
service's moka cert cache for JWKS lookups. JWKS is pre-warmed on
startup, refreshed in the background at half the configured TTL, and
forcefully refetched on kid rotation. NRAS endpoint URLs can be
overridden via config or NV_NRAS_{GPU,SWITCH}_URL env vars.
The nvidia-gpu-attest cargo feature is opt-in: verifier-only
deployments don't pull the NVIDIA C++ SDK / bindgen toolchain. Default
builds remain SDK-free.
Summary
- `/attest` accepts `nvidia_gpu: true` (gated by the new `nvidia-gpu-attest` feature) and returns a top-level `nvidia_gpu` bundle alongside CPU evidence.
- `/verify` accepts `nvidia_gpu` plus `nvidia_gpu_user_nonce` / `nvidia_gpu_required` / `nvidia_gpu_expected_archs`, and surfaces verified GPU claims under `result.claims.nvidia_gpu`.
- `CachedNrasProvider` shares the service's moka cert cache for JWKS. JWKS is pre-warmed on startup and refreshed at half the configured TTL. NRAS URLs overridable via config or `NV_NRAS_{GPU,SWITCH}_URL`.
- `nvidia-gpu-attest` feature is opt-in — verifier-only deployments don't pull the NVIDIA C++ SDK / bindgen toolchain.

Test plan
- `cargo fmt --all -- --check`
- `cargo clippy --workspace --all-targets -- -D warnings`
- `cargo test --workspace`
- `/attest` + `/verify` round-trip with `nvidia_gpu: true` on a CC-mode host
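The JWKS cache policy described above (pre-warm at startup, refresh at half the TTL, forced refetch when a token carries an unknown `kid`), sketched as an added std-only example; it is not the PR's `CachedNrasProvider` and does not use moka. `JwksCache`, `Jwks`, the `fetch` closure and the `min_refetch` cooldown are assumptions made for illustration; the cooldown is an addition the PR text does not mention.

```rust
use std::collections::HashMap;
use std::time::{Duration, Instant};
type Jwks = HashMap<String, String>; // kid -> key material (constructed stand-in)
struct JwksCache<F: FnMut() -> Jwks> {
    fetch: F,              // stands in for the HTTP GET of the JWKS document
    ttl: Duration,         // configured cache TTL
    min_refetch: Duration, // assumption: cooldown between forced refetches
    keys: Jwks,
    fetched_at: Instant,
    fetches: u32,
}
impl<F: FnMut() -> Jwks> JwksCache<F> {
    // Pre-warm: fetch once at startup so the first verification never waits on the network.
    fn new(mut fetch: F, ttl: Duration, min_refetch: Duration, now: Instant) -> Self {
        let keys = fetch();
        JwksCache { fetch, ttl, min_refetch, keys, fetched_at: now, fetches: 1 }
    }
    fn refetch(&mut self, now: Instant) {
        self.keys = (self.fetch)();
        self.fetched_at = now;
        self.fetches += 1;
    }
    // Background task body: refresh once half the TTL has elapsed.
    fn tick(&mut self, now: Instant) {
        if now.saturating_duration_since(self.fetched_at) >= self.ttl / 2 {
            self.refetch(now);
        }
    }
    // An unknown kid may mean the signer rotated keys: refetch once, but not more often
    // than min_refetch, so tokens with made-up kids cannot drive a fetch per request.
    fn key_for(&mut self, kid: &str, now: Instant) -> Option<String> {
        let age = now.saturating_duration_since(self.fetched_at);
        if !self.keys.contains_key(kid) && age >= self.min_refetch {
            self.refetch(now);
        }
        self.keys.get(kid).cloned() // None => reject the token
    }
}

fn main() {
    let mut n = 0; // constructed signer: every fetch returns only the newest key
    let fetch = move || { n += 1; Jwks::from([(format!("kid-{}", n), format!("key-{}", n))]) };
    let t0 = Instant::now();
    let mut c = JwksCache::new(fetch, Duration::from_secs(600), Duration::from_secs(30), t0);
    println!("{:?}", c.key_for("kid-1", t0));                           // cached hit
    println!("{:?}", c.key_for("kid-2", t0 + Duration::from_secs(60))); // rotation: refetch
    println!("{:?}", c.key_for("bogus", t0 + Duration::from_secs(61))); // inside cooldown
    println!("fetches = {}", c.fetches);
}
```

The trade-off of the cooldown is that a genuinely rotated `kid` arriving within `min_refetch` of the last fetch is rejected until the window passes, so the value should stay small relative to the TTL.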