A Go library for NVIDIA GPU and NVSwitch confidential computing attestation, providing a Go implementation inspired by nvidia/nvtrust. This library enables secure attestation of NVIDIA GPUs (Hopper, Blackwell) and NVSwitch devices with Confidential Computing capabilities.
go-nvtrust provides a comprehensive solution for:
- Collecting attestation evidence from NVIDIA GPUs and NVSwitch devices
- Verifying attestation reports through NVIDIA Remote Attestation Service (NRAS)
- Enabling confidential computing workflows
- Providing Go bindings for libnvidia-nscq (NVSwitch attestation library)
The library leverages:
- NVIDIA's NVML (NVIDIA Management Library) through go-nvml for GPU attestation
- NVIDIA's libnvidia-nscq for NVSwitch attestation
Supported hardware:
- GPUs: NVIDIA Hopper (H100), Blackwell architectures
- NVSwitch: LS10 architecture
Install the library:

```bash
go get github.com/confidentsecurity/go-nvtrust
```

Attest GPUs and NVSwitches:

```go
ctx := context.Background()

// Generate a random 32-byte nonce for this attestation request.
// rand must be crypto/rand, not math/rand.
nonce := make([]byte, 32)
if _, err := rand.Read(nonce); err != nil {
	log.Fatalf("Failed to generate nonce: %v", err)
}

nrasClient := nras.NewNRASClient(http.DefaultClient)

// Create GPU admin and attester
gpuAdmin, err := gpu.NewNvmlGPUAdmin(nil)
if err != nil {
	log.Fatalf("Failed to create GPU admin: %v", err)
}
defer gpuAdmin.Shutdown()

// Attest GPUs
attester := gonvtrust.NewRemoteAttester(gpuAdmin, nrasClient)
result, err := attester.Attest(ctx, nonce)
if err != nil {
	log.Fatalf("Failed to attest: %v", err)
}
if result.Result {
	fmt.Println("GPU attestation successful - GPUs are trusted")
	fmt.Printf("Verified %d GPU(s)\n", len(result.DevicesTokens))
} else {
	fmt.Println("GPU attestation failed")
}

// Attest NVSwitches.
// switchAdmin is an NscqSwitchAdmin created with NewNscqSwitchAdmin.
// RemoteAttester is generic over the device type, so the switch attester
// needs its own variable instead of reusing the GPU attester variable.
switchAttester := gonvtrust.NewRemoteAttester(switchAdmin, nrasClient)
result, err = switchAttester.Attest(ctx, nonce)
if err != nil {
	log.Fatalf("Failed to attest: %v", err)
}
if result.Result {
	fmt.Println("NVSwitch attestation successful - switches are trusted")
	fmt.Printf("Verified %d NVSwitch(es)\n", len(result.DevicesTokens))
} else {
	fmt.Println("NVSwitch attestation failed")
}
```

Generic attester for both GPU and NVSwitch devices.
- `NewRemoteAttester[T DeviceInfo](admin DeviceAdmin[T], verifier RemoteVerifier) *RemoteAttester[T]` - Creates a new remote attester
- `Attest(ctx context.Context, nonce []byte) (*AttestationResult, error)` - Collects evidence and verifies it remotely
```go
type AttestationResult struct {
	Result        bool              // Overall attestation result
	JWTToken      *jwt.Token        // JWT token from NRAS
	DevicesTokens map[string]string // Individual device tokens
}
```

Manages NVIDIA GPU attestation through NVML.
- `NewNvmlGPUAdmin(handler NvmlHandler) (*NvmlGPUAdmin, error)` - Creates a new GPU admin
- `CollectEvidence(nonce []byte) ([]GPUDevice, error)` - Collects attestation evidence from all GPUs
- `IsConfidentialComputeEnabled() (bool, error)` - Checks if confidential compute is enabled
- `IsGPUReadyStateEnabled() (bool, error)` - Checks if GPU ready state is enabled
- `EnableGPUReadyState() error` - Enables GPU ready state
- `AllGPUInPersistenceMode() (bool, error)` - Checks if all GPUs are in persistence mode
- `Shutdown() error` - Shuts down the NVML library
Manages NVSwitch attestation through libnvidia-nscq.
- `NewNscqSwitchAdmin(handler NvSwitchHandler) (*NscqSwitchAdmin, error)` - Creates a new switch admin
- `CollectEvidence(nonce []byte) ([]SwitchDevice, error)` - Collects attestation evidence from all switches
- `Shutdown() error` - Shuts down the NSCQ library
Client for communicating with NVIDIA Remote Attestation Service.
- `NewNRASClient(httpClient *http.Client) *NRASClient` - Creates a new NRAS client
- `AttestGPU(ctx context.Context, request *AttestationRequest) (*AttestationResponse, error)` - Attests GPU evidence
- `AttestSwitch(ctx context.Context, request *AttestationRequest) (*AttestationResponse, error)` - Attests switch evidence
- `VerifyJWT(ctx context.Context, signedToken string) (*jwt.Token, error)` - Verifies JWT token from NRAS
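
A caller-side check on the fields of `AttestationResult`, added here as an example (not go-nvtrust code): it fails closed unless `Result` is true, `DevicesTokens` has one entry per expected device, and every token echoes the nonce passed to `Attest`. It assumes the device tokens are compact JWTs that carry the nonce hex-encoded in the EAT `eat_nonce` claim and that their signatures have already been verified; `CheckTokens`, `tokenNonce` and the sample token are hypothetical names and constructed data.

```go
package main

import (
	"encoding/base64"
	"encoding/hex"
	"encoding/json"
	"fmt"
	"strings"
)

// tokenNonce reads the nonce from a compact JWT (assumed: hex, in the EAT "eat_nonce"
// claim). It does NOT check the signature; pass only tokens already verified.
func tokenNonce(token string) (string, error) {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return "", fmt.Errorf("not a compact JWT")
	}
	raw, err := base64.RawURLEncoding.DecodeString(parts[1])
	if err != nil {
		return "", err
	}
	var claims struct {
		Nonce string `json:"eat_nonce"`
	}
	err = json.Unmarshal(raw, &claims)
	return claims.Nonce, err
}

// CheckTokens fails closed unless the result is true, every expected device
// has a token, and each token echoes the nonce sent for this attestation.
func CheckTokens(ok bool, tokens map[string]string, nonce []byte, wantDevices int) error {
	if !ok || len(tokens) != wantDevices {
		return fmt.Errorf("result=%v with %d of %d device tokens", ok, len(tokens), wantDevices)
	}
	for id, tok := range tokens {
		got, err := tokenNonce(tok)
		if err != nil {
			return fmt.Errorf("device %s: %w", id, err)
		}
		if got == "" || !strings.EqualFold(got, hex.EncodeToString(nonce)) {
			return fmt.Errorf("device %s: nonce mismatch, possible replayed evidence", id)
		}
	}
	return nil
}

func main() {
	// Constructed sample token ("e30" is base64url for "{}"): no nonce claim, so rejected.
	fmt.Println(CheckTokens(true, map[string]string{"GPU-0": "e30.e30.sig"}, []byte{1}, 1))
}
```

Call it with `result.Result`, `result.DevicesTokens`, the nonce given to `Attest`, and the number of devices the host is expected to expose.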
Run the standard test suite:

```bash
go test -v ./pkg/...
```

Run integration tests (requires compatible GPU hardware):

```bash
go test -tags=gpu_integration -v ./pkg/...
```