Merge pull request #129 from NVIDIA/release/v2.6.5

Protected PCIE Verifier for SDK CPP

Author: kartheekabokkanvidia

.gitmodules

@@ -1,3 +1,6 @@
 [submodule "host_tools/python"]
 	path = host_tools/python
 	url = https://github.com/nvidia/gpu-admin-tools
+[submodule "guest_tools/attestation_sdk_cpp"]
+	path = guest_tools/attestation_sdk_cpp
+	url = https://github.com/NVIDIA/attestation-sdk.git

README.md

@@ -1,5 +1,15 @@
 # nvTrust: Ancillary Software for NVIDIA Trusted Computing Solutions
 
+[![License](https://img.shields.io/badge/License-Apache_2.0-brightgreen.svg)](LICENSE)
+[![Docs](https://img.shields.io/badge/docs-latest-blue)](https://docs.nvidia.com/attestation/attestation-client-tools-sdk/latest/sdk_introduction.html)
+[![Release](https://img.shields.io/github/v/release/NVIDIA/nvtrust)](https://github.com/NVIDIA/nvtrust/releases)
+[![PyPI](https://img.shields.io/pypi/v/nv-attestation-sdk.svg)](https://pypi.org/project/nv-attestation-sdk/)
+[![Python](https://img.shields.io/badge/python-3.7%20and%20above-orange)](https://pypi.org/project/nv-attestation-sdk/)
+[![Issues](https://img.shields.io/github/issues/NVIDIA/nvtrust)](https://github.com/NVIDIA/nvtrust/issues)
+[![Pull Requests](https://img.shields.io/github/issues-pr/NVIDIA/nvtrust)](https://github.com/NVIDIA/nvtrust/pulls)
+[![Stars](https://img.shields.io/github/stars/NVIDIA/nvtrust?style=social)](https://github.com/NVIDIA/nvtrust/stargazers)
+[![Forks](https://img.shields.io/github/forks/NVIDIA/nvtrust?style=social)](https://github.com/NVIDIA/nvtrust/network/members)
+
 This repository provides essential resources for implementing and validating Trusted Computing Solutions on NVIDIA hardware. It focuses on attestation, a crucial aspect of ensuring the integrity and security of confidential computing environments.
 
 ## Tools and Components
@@ -12,6 +22,8 @@ This repository includes the following attestation tools and utilities:
 
 - **[Local GPU Verifier](guest_tools/gpu_verifiers/local_gpu_verifier/README.md)** - A standalone tool for local GPU attestation verification. *Note: This tool is now integrated into the Attestation SDK. Please use the Attestation SDK for GPU attestation workflows.*
 
+> **Deprecation Notice:** The Python SDK and the Local GPU Verifier is deprecated. Users are encouraged to use the new [C++ SDK](https://docs.nvidia.com/attestation/nv-attestation-sdk-cpp/latest/sdk-c/introduction.html) and the [CLI](https://docs.nvidia.com/attestation/nv-attestation-sdk-cpp/latest/sdk-cli/introduction.html).
+
 - **[PPCIE Verifier](guest_tools/ppcie-verifier/README.md)** - Protected PCIe verifier for multi-GPU confidential computing setups where all GPUs are in PPCIE mode, enabling plain-text NVLink traffic while preserving confidential VM security.
 
 ### Host Tools
@@ -30,8 +42,7 @@ To get started and learn more about NVIDIA Attestation, refer to the [NVIDIA Att
 ### SDK and CLI Documentation
 
 - **[Attestation SDK (Python) Documentation](https://docs.nvidia.com/attestation/attestation-client-tools-sdk/latest/sdk_introduction.html)** - Complete documentation for the Python SDK
-- **[Attestation SDK (C++) Documentation](https://docs.nvidia.com/attestation/nv-attestation-sdk-cpp/latest/sdk-c/introduction.html)** - Complete documentation for the C++ SDK
-- **[Attestation CLI Documentation](https://docs.nvidia.com/attestation/nv-attestation-sdk-cpp/latest/sdk-cli/introduction.html)** - Command-line interface documentation
+
 - **[PPCIE Verifier Documentation](https://docs.nvidia.com/attestation/attestation-client-tools-ppcie/latest/ppcie_introduction.html)** - Documentation for Protected PCIe attestation
 
 ## Contributing

guest_tools/attestation_sdk/src/nv_attestation_sdk/gpu/attest_gpu_remote.py

@@ -71,7 +71,10 @@ def attest(nonce: str, gpu_evidence_list, attestation_options):
         response = requests.request(
             "POST", verifier_url, headers=headers, data=payload, timeout=timeout
         )
-        response_json = response.json()
+        try:
+            response_json = response.json()
+        except ValueError:
+            response_json = response.text
         logger.debug(
             "Response received from NRAS for GPU Attestation: %s", response_json
         )

guest_tools/attestation_sdk/src/nv_attestation_sdk/nvswitch/attest_nvswitch_remote.py

@@ -70,7 +70,10 @@ def attest(nonce: str, nvswitch_evidence_list, attestation_options):
         response = requests.request(
             "POST", verifier_url, headers=headers, data=payload, timeout=timeout
         )
-        response_json = response.json()
+        try:
+            response_json = response.json()
+        except ValueError:
+            response_json = response.text
         logger.debug(
             "Response received from NRAS for Nvswitch Attestation: %s", response_json
         )

guest_tools/attestation_sdk/tests/end_to_end/hardware/test_local_gpu.py

@@ -25,6 +25,14 @@ def attestation_policy_3_0():
         json_data = json.load(json_file)
         return json.dumps(json_data)
 
+@pytest.fixture
+def attestation_policy_4_0():
+    """Fixture to load the policy file"""
+    file = "../../policies/local/NVGPULocalv4PolicyExample.json"
+    with open(os.path.join(os.path.dirname(__file__), file)) as json_file:
+        json_data = json.load(json_file)
+        return json.dumps(json_data)
+
 @pytest.mark.gpu_hardware
 def test_successful_gpu_attestation_without_a_service_key(attestation_policy, ocsp_url, rim_url):
     invoke_attestation(attestation_policy, None, ocsp_url, rim_url)
@@ -35,9 +43,9 @@ def test_successful_gpu_attestation_with_a_service_key(attestation_policy, servi
     invoke_attestation(attestation_policy, service_key, ocsp_url, rim_url)
 
 @pytest.mark.gpu_hardware
-def test_successful_gpu_attestation_with_claims_version_3_0(attestation_policy_3_0, service_key, rim_url, ocsp_url):
+def test_successful_gpu_attestation_with_claims_version_3_0(attestation_policy_4_0, service_key, rim_url, ocsp_url):
     assert service_key is not None, "Obtain a valid service key which has NVIDIA Attestation Service access from https://org.ngc.nvidia.com/service-keys"
-    invoke_attestation(attestation_policy, service_key, ocsp_url, rim_url, claims_version="3.0")
+    invoke_attestation(attestation_policy_4_0, service_key, ocsp_url, rim_url, claims_version="3.0")
 
 @pytest.mark.gpu_hardware
 def test_fail_gpu_attestation_with_invalid_service_key(attestation_policy, ocsp_url, rim_url):

guest_tools/attestation_sdk_cpp

@@ -0,0 +1 @@
+dist