Merge branch 'opencomputeproject:main' into corim

Author: attzonko

.github/workflows/hello.yml

@@ -0,0 +1,11 @@
+    name: Hello World Workflow
+
+    on:
+      workflow_dispatch:
+
+    jobs:
+      greet:
+        runs-on: ubuntu-latest
+        steps:
+          - name: Say Hello
+            run: echo "Hello, World!"

Documentation/storage_sanitization.md

@@ -17,12 +17,12 @@ The Internal Key is one of the two keys required to derive or access the MEK. It
 * The Internal Key must never be disclosed outside the drive.
   * Debug and manufacturing-related interfaces must be unable to access the Internal Key.
   * Debug dumps must not contain the Internal Key.
-  * The Internal Key must be protected against exfiltration via Differential Power Analysis side-channel attacks.
+  * The Internal Key must be protected against exfiltration via Differential Power Analysis side-channel attacks (Scope 3 only).
     * Rate limiting may be used to mitigate attacks.
   * The Internal Key should be encrypted at rest with a unique key derived from secrets burned into fuses, in order to protect against physical exfiltration.
 * The Internal Key must be erasable.
   * An erase command may only report success after all old copies of the Internal Key have been destroyed irreversibly. Status must be reported, so that failures can be addressed externally.
-  * Advanced attackers with physical access to the drive must be unable to recover the Internal Key.
+  * Advanced attackers with physical access to the drive must be unable to recover the Internal Key (Scope 3 only).
     * As a subjective guideline: The Internal Key should be unrecoverable with a budget of up to $10M.
   * It should be possible to destroy the Internal Key even when other parts of the drive are faulty, such as motors, magnetic platters, heads or flash chips that have reached the maximum number of write-cycles.
 

Reports/NVIDIA/2025/Blackwell/OCP_SAFE_-_NVIDIA_-_Blackwell_-_2025-08-04_-_Confidential_Compute_Work_Launch_Key_Management.json

@@ -0,0 +1,21 @@
+{
+    "review_framework_version": "1.1",
+    "device": {
+        "vendor": "NVIDIA Corporation",
+        "product": "NVIDIA Blackwell GPU",
+        "category": "GPU - Confidential Compute - Work Launch, Key Manager",
+        "repo_tag": "36264796",
+        "fw_version": "580.65.06",
+        "fw_hash_sha2_384": "e34265a7befc266931d4c2757fb006dc0fcc0e383037ef9aa77ab7959deabca64bbb0962a417da9e5686fe3642f0c28b",
+        "fw_hash_sha2_512": ""
+    },
+    "audit": {
+        "srp": "Tetrel Security Inc.",
+        "methodology": "Whitebox Review",
+        "completion_date": "2025-02-05",
+        "report_version": "1.1",
+        "scope_number": 1.0,
+        "cvss_version": "4.0",
+        "issues": []
+    }
+}

Reports/NVIDIA/2025/Blackwell/OCP_SAFE_-_NVIDIA_-_Blackwell_-_2025-08-04_-_Confidential_Compute_Work_Launch_Key_Management.jws

@@ -0,0 +1 @@
+eyJraWQiOiAidGV0cmVsLW9jcC1zZnItc2lnbmluZy1rZXkiLCAiYWxnIjogIkVTNTEyIiwgInR5cCI6ICJqd3QifQ.eyJyZXZpZXdfZnJhbWV3b3JrX3ZlcnNpb24iOiAiMS4xIiwgImRldmljZSI6IHsidmVuZG9yIjogIk5WSURJQSBDb3Jwb3JhdGlvbiIsICJwcm9kdWN0IjogIk5WSURJQSBCbGFja3dlbGwgR1BVIiwgImNhdGVnb3J5IjogIkdQVSAtIENvbmZpZGVudGlhbCBDb21wdXRlIC0gV29yayBMYXVuY2gsIEtleSBNYW5hZ2VyIiwgInJlcG9fdGFnIjogIjM2MjY0Nzk2IiwgImZ3X3ZlcnNpb24iOiAiNTgwLjY1LjA2IiwgImZ3X2hhc2hfc2hhMl8zODQiOiAiZTM0MjY1YTdiZWZjMjY2OTMxZDRjMjc1N2ZiMDA2ZGMwZmNjMGUzODMwMzdlZjlhYTc3YWI3OTU5ZGVhYmNhNjRiYmIwOTYyYTQxN2RhOWU1Njg2ZmUzNjQyZjBjMjhiIiwgImZ3X2hhc2hfc2hhMl81MTIiOiAiIn0sICJhdWRpdCI6IHsic3JwIjogIlRldHJlbCBTZWN1cml0eSBJbmMuIiwgIm1ldGhvZG9sb2d5IjogIldoaXRlYm94IFJldmlldyIsICJjb21wbGV0aW9uX2RhdGUiOiAiMjAyNS0wMi0wNSIsICJyZXBvcnRfdmVyc2lvbiI6ICIxLjEiLCAic2NvcGVfbnVtYmVyIjogMS4wLCAiY3Zzc192ZXJzaW9uIjogIjQuMCIsICJpc3N1ZXMiOiBbXX0sICJpYXQiOiAxNzU0NTk0NTg4fQ.AD_vDYu27blqcuU8mcgSAKZ2bfn9N2Ke9m7JbyO2Iwojwr9liq7OBlDJG-Ecb92r412dUgyB8cLVdk3ELvPo8fUOAb2AagrE75YN5ZMEOTtPAhtMg96OBUXlYLHVKKRbQlFW62NASlqyORA_WiMEFa9uSJREmK-Jc57fyjeUmXSCZq43

Reports/NVIDIA/2025/Hopper/OCP_SAFE_-_NVIDIA_-_Hopper_-_2025-08-04_-_Confidential_Compute_Work_Launch_Key_Management.json

@@ -0,0 +1,21 @@
+{
+    "review_framework_version": "1.1",
+    "device": {
+        "vendor": "NVIDIA Corporation",
+        "product": "NVIDIA Hopper GPU",
+        "category": "GPU - Confidential Compute - Work Launch, Key Manager",
+        "repo_tag": "36264796",
+        "fw_version": "580.65.06",
+        "fw_hash_sha2_384": "11baaa3599e7a7b70151cf427c62fc95556d9102a9f87499085b3ec122ba64c35b78d505ce847e8b7b1bd90e0c59dcce",
+        "fw_hash_sha2_512": ""
+    },
+    "audit": {
+        "srp": "Tetrel Security Inc.",
+        "methodology": "Whitebox Review",
+        "completion_date": "2025-02-05",
+        "report_version": "1.1",
+        "scope_number": 1.0,
+        "cvss_version": "4.0",
+        "issues": []
+    }
+}

Reports/NVIDIA/2025/Hopper/OCP_SAFE_-_NVIDIA_-_Hopper_-_2025-08-04_-_Confidential_Compute_Work_Launch_Key_Management.jws

@@ -0,0 +1 @@
+eyJraWQiOiAidGV0cmVsLW9jcC1zZnItc2lnbmluZy1rZXkiLCAiYWxnIjogIkVTNTEyIiwgInR5cCI6ICJqd3QifQ.eyJyZXZpZXdfZnJhbWV3b3JrX3ZlcnNpb24iOiAiMS4xIiwgImRldmljZSI6IHsidmVuZG9yIjogIk5WSURJQSBDb3Jwb3JhdGlvbiIsICJwcm9kdWN0IjogIk5WSURJQSBIb3BwZXIgR1BVIiwgImNhdGVnb3J5IjogIkdQVSAtIENvbmZpZGVudGlhbCBDb21wdXRlIC0gV29yayBMYXVuY2gsIEtleSBNYW5hZ2VyIiwgInJlcG9fdGFnIjogIjM2MjY0Nzk2IiwgImZ3X3ZlcnNpb24iOiAiNTgwLjY1LjA2IiwgImZ3X2hhc2hfc2hhMl8zODQiOiAiMTFiYWFhMzU5OWU3YTdiNzAxNTFjZjQyN2M2MmZjOTU1NTZkOTEwMmE5Zjg3NDk5MDg1YjNlYzEyMmJhNjRjMzViNzhkNTA1Y2U4NDdlOGI3YjFiZDkwZTBjNTlkY2NlIiwgImZ3X2hhc2hfc2hhMl81MTIiOiAiIn0sICJhdWRpdCI6IHsic3JwIjogIlRldHJlbCBTZWN1cml0eSBJbmMuIiwgIm1ldGhvZG9sb2d5IjogIldoaXRlYm94IFJldmlldyIsICJjb21wbGV0aW9uX2RhdGUiOiAiMjAyNS0wMi0wNSIsICJyZXBvcnRfdmVyc2lvbiI6ICIxLjEiLCAic2NvcGVfbnVtYmVyIjogMS4wLCAiY3Zzc192ZXJzaW9uIjogIjQuMCIsICJpc3N1ZXMiOiBbXX0sICJpYXQiOiAxNzU0NTk0NTk4fQ.ASTZR0yXvYpyfjzm6YdgTBtbLoE8zq902QwbUmstxUxyzM1NIv2kVIIFW1aJ3cS018xfMoFAHi1wlDCpRVz5XYSPAGQ2ykWPTkv_lU3XOHz2KbbwuCfmbddL6rO8nh4a5oXYD2dPgvDuZxaxtClcyZa56zKF8hpc45T-2siQnsSe1L-N