NVIDIA
diff --git a/‎CONTRIBUTE.md‎
Lines changed: 109 additions & 0 deletions b/‎CONTRIBUTE.md‎
Lines changed: 109 additions & 0 deletions
diff --git a/‎README.md‎
Lines changed: 5 additions & 1 deletion b/‎README.md‎
Lines changed: 5 additions & 1 deletion
diff --git a/‎guest_tools/attestation_sdk/pyproject.toml‎
Lines changed: 2 additions & 2 deletions b/‎guest_tools/attestation_sdk/pyproject.toml‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎guest_tools/gpu_verifiers/local_gpu_verifier/pyproject.toml‎
Lines changed: 1 addition & 1 deletion b/‎guest_tools/gpu_verifiers/local_gpu_verifier/pyproject.toml‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎guest_tools/gpu_verifiers/local_gpu_verifier/src/verifier/attestation/spdm_msrt_resp_msg.py‎
Lines changed: 30 additions & 3 deletions b/‎guest_tools/gpu_verifiers/local_gpu_verifier/src/verifier/attestation/spdm_msrt_resp_msg.py‎
Lines changed: 30 additions & 3 deletions
diff --git a/‎guest_tools/gpu_verifiers/local_gpu_verifier/src/verifier/cc_admin.py‎
Lines changed: 29 additions & 7 deletions b/‎guest_tools/gpu_verifiers/local_gpu_verifier/src/verifier/cc_admin.py‎
Lines changed: 29 additions & 7 deletions
diff --git a/‎guest_tools/gpu_verifiers/local_gpu_verifier/src/verifier/config.py‎
Lines changed: 40 additions & 1 deletion b/‎guest_tools/gpu_verifiers/local_gpu_verifier/src/verifier/config.py‎
Lines changed: 40 additions & 1 deletion
diff --git a/‎guest_tools/gpu_verifiers/local_gpu_verifier/src/verifier/nvml/__init__.py‎
Lines changed: 1 addition & 1 deletion b/‎guest_tools/gpu_verifiers/local_gpu_verifier/src/verifier/nvml/__init__.py‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎guest_tools/ppcie-verifier/LICENSE‎
Lines changed: 3 additions & 1 deletion b/‎guest_tools/ppcie-verifier/LICENSE‎
Lines changed: 3 additions & 1 deletion
@@ -0,0 +1,109 @@
+# Contributing to NVTrust
+
+Thank you for your interest in contributing to NVTrust! We welcome contributions from the community and are grateful for your support. Please take a moment to review this guide to understand how you can contribute to the project.
+
+## How to Contribute
+
+### Reporting Issues
+
+If you encounter any bugs, have feature requests, or have questions, please open an issue on GitHub. When reporting issues, please provide as much detail as possible to help us understand and resolve the problem quickly.
+
+1. Go to the [Issues](https://github.com/NVIDIA/nvtrust/issues) page.
+2. Click on the "New Issue" button.
+3. Provide a clear and descriptive title.
+4. Describe the issue or feature request in detail, including steps to reproduce the issue if applicable.
+
+### Submitting Pull Requests
+
+We welcome pull requests for bug fixes, improvements, and new features. To submit a pull request:
+
+1. Fork the repository on GitHub.
+2. Clone your fork to your local machine.
+3. Create a new branch for your changes:
+   ```bash
+   git checkout -b my-feature-branch
+   ```
+4. Make your changes and commit them with clear and concise messages.
+5. Push your changes to your forked repository:
+   ```bash
+   git push origin my-feature-branch
+   ```
+6. Open a pull request on the original repository. Provide a clear description of your changes and the problem they solve.
+
+### Coding Guidelines
+
+To ensure a smooth and consistent codebase, please follow these guidelines:
+
+- Follow the existing code style.
+- Write clear, concise commit messages.
+- Include comments where necessary to explain the intent of the code.
+- Ensure your changes do not introduce new issues by running existing tests and adding new tests as needed.
+
+### Code of Conduct
+
+To ensure a positive and inclusive community, we adhere to the [Contributor Covenant Code of Conduct](https://www.contributor-covenant.org/version/2/0/code_of_conduct/). By participating in this project, you agree to abide by its terms.
+
+## Getting Started
+
+To get started with development:
+
+1. Clone the repository:
+   ```bash
+   git clone https://github.com/NVIDIA/nvtrust.git
+   ```
+2. Navigate to the project directory:
+   ```bash
+   cd nvtrust
+   ```
+3. Install the required dependencies (if applicable).
+
+### Signing Your Work
+
+* We require that all contributors "sign-off" on their commits. This certifies that the contribution is your original work, or you have rights to submit it under the same license, or a compatible license.
+
+  * Any contribution which contains commits that are not Signed-Off will not be accepted.
+
+* To sign off on a commit you simply use the `--signoff` (or `-s`) option when committing your changes:
+  ```bash
+  $ git commit -s -m "Add cool feature."
+  ```
+  This will append the following to your commit message:
+  ```
+  Signed-off-by: Your Name <your@email.com>
+  ```
+
+* Full text of the DCO:
+
+  ```
+    Developer Certificate of Origin
+    Version 1.1
+    
+    Copyright (C) 2004, 2006 The Linux Foundation and its contributors.
+    1 Letterman Drive
+    Suite D4700
+    San Francisco, CA, 94129
+    
+    Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed.
+  ```
+
+  ```
+    Developer's Certificate of Origin 1.1
+    
+    By making a contribution to this project, I certify that:
+    
+    (a) The contribution was created in whole or in part by me and I have the right to submit it under the open source license indicated in the file; or
+    
+    (b) The contribution is based upon previous work that, to the best of my knowledge, is covered under an appropriate open source license and I have the right under that license to submit that work with modifications, whether created in whole or in part by me, under the same open source license (unless I am permitted to submit under a different license), as indicated in the file; or
+    
+    (c) The contribution was provided directly to me by some other person who certified (a), (b) or (c) and I have not modified it.
+    
+    (d) I understand and agree that this project and the contribution are public and that a record of the contribution (including all personal information I submit with it, including my sign-off) is maintained indefinitely and may be redistributed consistent with this project or the open source license(s) involved.
+  ```
+
+## Contact
+
+If you have any questions or need further assistance, feel free to reach out by opening an issue or contacting the maintainers.
+
+Thank you for contributing to NVTrust!
+
+---
@@ -20,10 +20,14 @@ NVIDIA is at the forefront of confidential computing, collaborating with CPU par
 
 For more information, including documentation, white papers, and videos regarding the Hopper Confidential Computing story, please visit [NVIDIA docs](https://docs.nvidia.com/confidential-computing/index.html).
 
+## Contributing
+
+We welcome contributions from the community. Please refer to our [CONTRIBUTE.md](CONTRIBUTE.md) file for guidelines on how to contribute to this project.
+
 ## License
 
 This repository is licensed under Apache License v2.0 except where otherwise noted.
 
 ## Support
 
-For issues or questions, please [file a bug](https://github.com/NVIDIA/nvtrust/issues). For additional support, contact us at [attestation-support@nvidia.com](mailto:attestation-support@nvidia.com)
+For issues or questions, please [file a bug](https://github.com/NVIDIA/nvtrust/issues). For additional support, contact us at [attestation-support@nvidia.com](mailto:attestation-support@nvidia.com)
@@ -1,6 +1,6 @@
 [tool.poetry]
 name = "nv-attestation-sdk"
-version = "2.6.2"
+version = "2.6.3"
 description = "The Attestation SDK provides developers with a easy to use APIs for implementing attestation capabilities into their applications."
 authors = ["Karthik Jayaraman <kjayaraman@nvidia.com>"]
 readme = "README.md"
@@ -22,7 +22,7 @@ xmlschema = "==2.2.3"
 pyOpenSSL = "==24.2.1"
 PyJWT = "==2.7.0"
 nvidia-ml-py = ">=12.535.77"
-nv-local-gpu-verifier = "2.6.2"
+nv-local-gpu-verifier = "2.6.3"
 build = ">=0.7.0"
 twine = ">=3.7.1"
 pylint = ">=2.9.6"
 
@@ -1,6 +1,6 @@
 [project]
 name = "nv-local-gpu-verifier"
-version = "2.6.2"
+version = "2.6.3"
 description = "A Python-based tool that validates GPU measurements by comparing GPU runtime measurements with authenticated golden measurements"
 authors = [
     {name = "NVIDIA"}
 
@@ -34,6 +34,7 @@
     MeasurementSpecificationError,
     ParsingError,
 )
+from verifier.config import BaseSettings
 
 
 class DmtfMeasurement:
@@ -361,6 +362,20 @@ def parse_switch_pdis(self, binary_data):
             self.OpaqueDataField["OPAQUE_FIELD_ID_SWITCH_PDI"].append(pdi)
             byte_index = byte_index + self.FieldSize['PdiDataSize']
 
+    def parse_feature_flag(self, binary_data):
+        """ Parses the raw feature flag data and maps it to appropriate feature
+
+        Args:
+            binary_data (bytes): the raw feature flag data
+        """
+        feature_flag_map = {
+            0 : "SPT",
+            1 : "MPT",
+            2 : "PPCIE"
+        }
+        value = int(read_field_as_little_endian(binary_data), 16)
+        self.OpaqueDataField["OPAQUE_FIELD_ID_FEATURE_FLAG"] = feature_flag_map[value]
+
     def parse_chip_info(self, binary_data):
         """ Parses the raw chip info data and extract the underlying chip name
 
@@ -370,6 +385,16 @@ def parse_chip_info(self, binary_data):
         chip_info = binary_data.decode('utf-8').split('\x00')[0]
         self.OpaqueDataField["OPAQUE_FIELD_ID_CHIP_INFO"] = chip_info
 
+    def parse_opaque_data_version(self, binary_data):
+        """ Parses the raw opaque data version data and extract the version number
+
+        Args:
+            binary_data (bytes): the raw opaque data version data
+        """
+
+        value = int(read_field_as_little_endian(binary_data), 16)
+        BaseSettings.CURRENT_OPAQUE_DATA_VERSION = value
+        self.OpaqueDataField["OPAQUE_FIELD_ID_OPAQUE_DATA_VERSION"] = value
 
     def parse(self, binary_data):
         """ Parses the raw OpaqueData field of the SPDM GET_MEASUREMENT response message.
@@ -380,9 +405,11 @@ def parse(self, binary_data):
         byte_index = 0
 
         opaque_field_to_function_map = {
-            "OPAQUE_FIELD_ID_MSRSCNT": self.parse_measurement_count,
-            "OPAQUE_FIELD_ID_SWITCH_PDI": self.parse_switch_pdis,
-            "OPAQUE_FIELD_ID_CHIP_INFO": self.parse_chip_info
+            "OPAQUE_FIELD_ID_MSRSCNT"             : self.parse_measurement_count,
+            "OPAQUE_FIELD_ID_SWITCH_PDI"          : self.parse_switch_pdis,
+            "OPAQUE_FIELD_ID_FEATURE_FLAG"        : self.parse_feature_flag,
+            "OPAQUE_FIELD_ID_CHIP_INFO"           : self.parse_chip_info,
+            "OPAQUE_FIELD_ID_OPAQUE_DATA_VERSION" : self.parse_opaque_data_version
         }
 
         while byte_index < len(binary_data):
 
@@ -1,5 +1,5 @@
 #
-# SPDX-FileCopyrightText: Copyright (c) 2021-2023 NVIDIA CORPORATION & AFFILIATES. All rights reserved.
+# SPDX-FileCopyrightText: Copyright (c) 2021-2025 NVIDIA CORPORATION & AFFILIATES. All rights reserved.
 # SPDX-License-Identifier: BSD-3-Clause
 # 
 # Redistribution and use in source and binary forms, with or without
@@ -311,7 +311,8 @@ def attest(arguments_as_dictionary, nonce, gpu_evidence_list):
     overall_status = False
     gpu_claims_list = []
     att_report_nonce_hex = CcAdminUtils.validate_and_extract_nonce(nonce)
-
+    any_gpu_in_MPT_mode = False
+    any_gpu_in_SPT_mode = False
 
     try:
         BaseSettings.allow_hold_cert = arguments_as_dictionary['allow_hold_cert']
@@ -451,20 +452,26 @@ def attest(arguments_as_dictionary, nonce, gpu_evidence_list):
                 if not arguments_as_dictionary['test_no_gpu']:
                     info_log.info("\t\t\tFetching the driver RIM from the RIM service.")
                     try:
-                        chip = attestation_report_obj.get_response_message().get_opaque_data().get_data(
-                            "OPAQUE_FIELD_ID_CHIP_INFO")
+                        # As OPAQUE_FIELD_ID_CHIP_INFO is supported from Blackwell+ chips,
+                        # assigning the chip name to be GH100 directly
+                        # For Blackwell+ chips, we derive it from the opaque data field
+                        if settings.GPU_ARCH_NAME == "HOPPER":
+                            chip = "GH100"
+                        else:
+                            chip = attestation_report_obj.get_response_message().get_opaque_data().get_data("OPAQUE_FIELD_ID_CHIP_INFO")
                         driver_rim_file_id = CcAdminUtils.get_driver_rim_file_id(driver_version, settings, chip)
 
                         driver_rim_content = function_wrapper_with_timeout([CcAdminUtils.fetch_rim_file,
-                                                                            driver_rim_file_id,
-                                                                            'fetch_rim_file'],
-                                                                           BaseSettings.MAX_NETWORK_TIME_DELAY)
+                                                                                driver_rim_file_id,
+                                                                                'fetch_rim_file'],
+                                                                               BaseSettings.MAX_NETWORK_TIME_DELAY)
 
                         driver_rim = RIM(rim_name='driver', settings=settings, content=driver_rim_content)
                     except Exception as error:
                         info_log.error("Error occurred while fetching the driver RIM from the "
                                        "RIM service due to %s", error)
                         raise RIMFetchError(f'Unable to fetch driver RIM from RIM service: {driver_rim_file_id}')
+
                 else:
                     info_log.info("\t\t\tUsing the local driver rim file : " + settings.DRIVER_RIM_PATH)
                     driver_rim = RIM(rim_name='driver', settings=settings, rim_path=settings.DRIVER_RIM_PATH)
@@ -486,6 +493,15 @@ def attest(arguments_as_dictionary, nonce, gpu_evidence_list):
                 event_log.error("\t\t\tDriver RIM verification failed.")
                 raise RIMVerificationFailureError("\t\t\tDriver RIM verification failed.\n\t\t\tQuitting now.")
 
+            # OPAQUE_DATA_VERSION 1 indicates the first version of the Feature Flag present in the OpaqueData field.
+            if BaseSettings.CURRENT_OPAQUE_DATA_VERSION >= BaseSettings.MIN_OPAQUE_DATA_VERSION_TO_SUPPORT_FEATURE_FLAG:
+                feature_flag = attestation_report_obj.get_response_message().get_opaque_data().get_data(
+                    "OPAQUE_FIELD_ID_FEATURE_FLAG")
+                if feature_flag == "MPT":
+                    any_gpu_in_MPT_mode = True
+                elif feature_flag == "SPT":
+                    any_gpu_in_SPT_mode = True
+
             # performing the schema validation and signature verification of the vbios RIM.
             info_log.info("\t\tAuthenticating VBIOS RIM.")
             vbios_rim_path = settings.VBIOS_RIM_PATH
@@ -564,6 +580,12 @@ def attest(arguments_as_dictionary, nonce, gpu_evidence_list):
             # set current gpu_claims
             gpu_claims_list.append(ClaimsUtils.get_current_gpu_claims(settings, gpu_info_obj.get_uuid()))
 
+        # If any GPU is in MPT mode, then all GPUs should be in MPT mode.
+        if any_gpu_in_MPT_mode and any_gpu_in_SPT_mode:
+            overall_status = False
+            event_log.error("Detected GPUs in both MPT and SPT modes. This configuration is not allowed.")
+
+
     except Exception as error:
         info_log.error(error)
         event_log.exception("GPU Attestation failed")
 
@@ -1,5 +1,5 @@
 #
-# SPDX-FileCopyrightText: Copyright (c) 2021-2023 NVIDIA CORPORATION & AFFILIATES. All rights reserved.
+# SPDX-FileCopyrightText: Copyright (c) 2021-2025 NVIDIA CORPORATION & AFFILIATES. All rights reserved.
 # SPDX-License-Identifier: BSD-3-Clause
 #
 # Redistribution and use in source and binary forms, with or without
@@ -52,6 +52,7 @@
 fhandler.setFormatter(logging.Formatter("%(asctime)s:%(levelname)s: %(message)s", '%m-%d-%Y %H:%M:%S'))
 event_log.addHandler(fhandler)
 
+event_log.info(f'Verifier version: {__version__}')
 event_log.debug("----------STARTING----------")
 
 
@@ -92,6 +93,44 @@ class Status(Enum):
     RIM_ROOT_CERT = os.path.join(ROOT_CERT_DIR, 'verifier_RIM_root.pem')
     DEVICE_ROOT_CERT = os.path.join(ROOT_CERT_DIR, 'verifier_device_root.pem')
 
+    EXECUTION_SEQUENCE_INDEX = {
+        'GPU_AVAILABILITY'                       : 0,
+        'ATTESTATION_REPORT_AVAILABILITY'        : 1,
+        'GPU_INFO_FETCH'                         : 2,
+        'CORRECT_GPU_ARCH'                       : 3,
+        'ATTESTATION_REPORT_MSR_AVAILABILITY'    : 4,
+        'ATTESTATION_REPORT_PARSED'              : 5,
+        'ROOT_CERT_AVAILABILITY'                 : 6,
+        'GPU_CERT_CHAIN_VERIFIED'                : 7,
+        'GPU_CERT_OCSP_CERT_CHAIN_VERIFICATION'  : 8,
+        'GPU_CERT_OCSP_SIGNATURE_VERIFICATION'   : 9,
+        'GPU_CERT_OCSP_NONCE_MATCH'              : 10,
+        'GPU_CERT_CHECK_COMPLETE'                : 11,
+        'NONCE_MATCH'                            : 12,
+        'ATTESTATION_REPORT_DRV_VERSION_MATCH'   : 13,
+        'ATTESTATION_REPORT_VBIOS_VERSION_MATCH' : 14,
+        'ATTESTATION_REPORT_VERIFICATION'        : 15,
+        'DRIVER_RIM_FETCH'                       : 16,
+        'DRIVER_RIM_MEASUREMENT_AVAILABILITY'    : 17,
+        'DRIVER_RIM_SCHEMA_VALIDATION'           : 18,
+        'DRIVER_RIM_VERSION_MATCH'               : 19,
+        'DRIVER_RIM_CERT_EXTRACT'                : 20,
+        'DRIVER_RIM_SIGNATURE_VERIFICATION'      : 21,
+        'VBIOS_RIM_FETCH'                        : 22,
+        'VBIOS_RIM_MEASUREMENT_AVAILABILITY'     : 23,
+        'VBIOS_RIM_SCHEMA_VALIDATION'            : 24,
+        'VBIOS_RIM_VERSION_MATCH'                : 25,
+        'VBIOS_RIM_CERT_EXTRACT'                 : 26,
+        'VBIOS_RIM_SIGNATURE_VERIFICATION'       : 27,
+        'DRV_VBIOS_MSR_INDEX_CONFLICT'           : 28,
+        'MEASUREMENT_MATCH'                      : 29,
+    }
+
+    CURRENT_OPAQUE_DATA_VERSION = 0
+    LATEST_OPAQUE_DATA_VERSION = 1
+    MIN_OPAQUE_DATA_VERSION_TO_SUPPORT_FEATURE_FLAG = 1
+    MIN_OPAQUE_DATA_VERSION_TO_SUPPORT_CHIP_INFO = 1
+
     @classmethod
     def set_ocsp_url(cls, url):
         if not isinstance(url, str):
 
@@ -147,7 +147,7 @@ def is_ppcie_mode_enabled():
         settings = NvmlSystemConfComputeSettings()
         state = function_wrapper_with_timeout([nvmlSystemGetConfComputeSettings, ctypes.byref(settings),
                                                "nvmlSystemGetConfComputeSettings"], BaseSettings.MAX_NVML_TIME_DELAY)
-        return settings.multiGpuMode != 0
+        return settings.multiGpuMode == 1
 
     @staticmethod
     def is_cc_dev_mode():
 
@@ -86,7 +86,7 @@ Python copyright:
 Open Source Software Licensed Under the MIT License:
 ----------------------------------------------------
 
-black, build, poetry, pytest, timeout-decorator, tomlkit, urllib3, wheel and setuptools are MIT licensed Python packages used in this project.
+black, build, poetry, pytest, timeout-decorator, tomlkit, urllib3, wheel, pytest-cov and setuptools are MIT licensed Python packages used in this project.
 
 
 black:
@@ -113,6 +113,8 @@ urllib3:
 wheel:
     Copyright (c) 2012 Daniel Holth <dholth@fastmail.fm> and contributors
 
+pytest-cov:
+    Copyright (c) 2010 Holger Krekel and others
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal