Executing an Attestation of the GPU(x-nv-gpu-measurements-match) Failed #35
Description
My machine's specs:
CPU: Dual AMD EPYC 9224 16-Core Processor
GPU: H100 10de:2331 (vbios: 96.00.5E.00.01 cuda: 12.2 nvidia driver: 535.86.10)
Host OS: Ubuntu 22.04 with 5.19.0-rc6-snp-host-c4daeffce56e kernel
Guest OS: Ubuntu 22.04.2 with 5.19.0-rc6-snp-guest-c4daeffce56e kernel
Following by the deployment document,
on the page 31, when I tried to run
(nvAttest) cclab@guest:/shared/nvtrust/guest_tools/attestation_sdk/tests$ ./LocalGPUTest.py
it says
[LocalGPUTest] node name : thisNode1
[['LOCAL_GPU_CLAIMS', <Devices.GPU: 2>, <Environment.LOCAL: 2>, '', '', '']]
[LocalGPUTest] call attest() - expecting True
The system is running in CC DevTools mode !!
Number of GPUs available : 1
-----------------------------------
Fetching GPU 0 information from GPU driver.
Using the Nonce specified by user
VERIFYING GPU : 0
Driver version fetched : 535.86.10
VBIOS version fetched : 96.00.5e.00.03
Validating GPU certificate chains.
GPU attestation report certificate chain validation successful.
The certificate chain revocation status verification successful.
Authenticating attestation report
The nonce in the SPDM GET MEASUREMENT request message is matching with the generated nonce.
Driver version fetched from the attestation report : 535.86.10
VBIOS version fetched from the attestation report : 96.00.5e.00.03
Attestation report signature verification successful.
Attestation report verification successful.
Authenticating the RIMs.
Authenticating Driver RIM
Fetching the driver RIM from the RIM service.
RIM Schema validation passed.
driver RIM certificate chain verification successful.
The certificate chain revocation status verification successful.
driver RIM signature verification successful.
Driver RIM verification successful
Authenticating VBIOS RIM.
Fetching the VBIOS RIM from the RIM service.
RIM Schema validation passed.
vbios RIM certificate chain verification successful.
The certificate chain revocation status verification successful.
vbios RIM signature verification successful.
VBIOS RIM verification successful
Comparing measurements (runtime vs golden)
The runtime measurements are not matching with the
golden measurements at the following indexes(starting from 0) :
[
5,
9,
32,
36,
37
]
GPU is running in DevTools mode!!
The verification of GPU 0 resulted in failure.
GPU Attestation failed
False
[LocalGPUTest] token : [["JWT", "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJOVi1BdHRlc3RhdGlvbi1TREsiLCJpYXQiOjE3MDQ0MzU0NjUsImV4cCI6bnVsbH0.brF3Q__J7_RE8daboMaRB3Ada7S4rZkL0L6S6fRKo-8"], {"LOCAL_GPU_CLAIMS": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ4LW52LWdwdS1hdmFpbGFibGUiOnRydWUsIngtbnYtZ3B1LWF0dGVzdGF0aW9uLXJlcG9ydC1hdmFpbGFibGUiOnRydWUsIngtbnYtZ3B1LWluZm8tZmV0Y2hlZCI6dHJ1ZSwieC1udi1ncHUtYXJjaC1jaGVjayI6dHJ1ZSwieC1udi1ncHUtcm9vdC1jZXJ0LWF2YWlsYWJsZSI6dHJ1ZSwieC1udi1ncHUtY2VydC1jaGFpbi12ZXJpZmllZCI6dHJ1ZSwieC1udi1ncHUtb2NzcC1jZXJ0LWNoYWluLXZlcmlmaWVkIjp0cnVlLCJ4LW52LWdwdS1vY3NwLXNpZ25hdHVyZS12ZXJpZmllZCI6dHJ1ZSwieC1udi1ncHUtY2VydC1vY3NwLW5vbmNlLW1hdGNoIjp0cnVlLCJ4LW52LWdwdS1jZXJ0LWNoZWNrLWNvbXBsZXRlIjp0cnVlLCJ4LW52LWdwdS1tZWFzdXJlbWVudC1hdmFpbGFibGUiOnRydWUsIngtbnYtZ3B1LWF0dGVzdGF0aW9uLXJlcG9ydC1wYXJzZWQiOnRydWUsIngtbnYtZ3B1LW5vbmNlLW1hdGNoIjp0cnVlLCJ4LW52LWdwdS1hdHRlc3RhdGlvbi1yZXBvcnQtZHJpdmVyLXZlcnNpb24tbWF0Y2giOnRydWUsIngtbnYtZ3B1LWF0dGVzdGF0aW9uLXJlcG9ydC12Ymlvcy12ZXJzaW9uLW1hdGNoIjp0cnVlLCJ4LW52LWdwdS1hdHRlc3RhdGlvbi1yZXBvcnQtdmVyaWZpZWQiOnRydWUsIngtbnYtZ3B1LWRyaXZlci1yaW0tc2NoZW1hLWZldGNoZWQiOnRydWUsIngtbnYtZ3B1LWRyaXZlci1yaW0tc2NoZW1hLXZhbGlkYXRlZCI6dHJ1ZSwieC1udi1ncHUtZHJpdmVyLXJpbS1jZXJ0LWV4dHJhY3RlZCI6dHJ1ZSwieC1udi1ncHUtZHJpdmVyLXJpbS1zaWduYXR1cmUtdmVyaWZpZWQiOnRydWUsIngtbnYtZ3B1LWRyaXZlci1yaW0tZHJpdmVyLW1lYXN1cmVtZW50cy1hdmFpbGFibGUiOnRydWUsIngtbnYtZ3B1LWRyaXZlci12Ymlvcy1yaW0tZmV0Y2hlZCI6dHJ1ZSwieC1udi1ncHUtdmJpb3MtcmltLXNjaGVtYS12YWxpZGF0ZWQiOnRydWUsIngtbnYtZ3B1LXZiaW9zLXJpbS1jZXJ0LWV4dHJhY3RlZCI6dHJ1ZSwieC1udi1ncHUtdmJpb3MtcmltLXNpZ25hdHVyZS12ZXJpZmllZCI6dHJ1ZSwieC1udi1ncHUtdmJpb3MtcmltLWRyaXZlci1tZWFzdXJlbWVudHMtYXZhaWxhYmxlIjp0cnVlLCJ4LW52LWdwdS12Ymlvcy1pbmRleC1uby1jb25mbGljdCI6dHJ1ZSwieC1udi1ncHUtbWVhc3VyZW1lbnRzLW1hdGNoIjpmYWxzZSwieC1udi1ncHUtdXVpZCI6IkdQVS0wZDZjNTVmMS05ZmM2LWE0YmYtZDYwOS1jZmVkYzQyMDI2YTcifQ.A8UvoJfvVPV0t7xIKpSyeQY8Q_ibWz9eYm9VZdI03PI"}]
[LocalGPUTest] call validate_token() - expecting True
[ERROR] Invalid token. Authorized claims does not match the appraisal policy: x-nv-gpu-measurements-match
False
The error is x-nv-gpu-measurements-match with
Comparing measurements (runtime vs golden)
The runtime measurements are not matching with the
golden measurements at the following indexes(starting from 0) :
[
5,
9,
32,
36,
37
]
The output of the CC mode on the host machine looks like below.
cclab@host-h100:~$ sudo python3 /shared/nvtrust/host_tools/python/gpu_cc_tool.py --gpu-name=H100 --query-cc-settings
[sudo] password for cclab:
NVIDIA GPU Tools version 535.86.06
Topo:
PCI 0000:40:01.1 0x1022:0x14ab
PCI 0000:41:00.0 0x1000:0xc030
PCI 0000:42:01.0 0x1000:0xc030
GPU 0000:44:00.0 H100-PCIE 0x2331 BAR0 0x50042000000
2024-01-05,06:24:13.250 INFO Selected GPU 0000:44:00.0 H100-PCIE 0x2331 BAR0 0x50042000000
2024-01-05,06:24:13.250 WARNING GPU 0000:44:00.0 H100-PCIE 0x2331 BAR0 0x50042000000 has CC mode devtools, some functionality may not work
2024-01-05,06:24:13.322 INFO GPU 0000:44:00.0 H100-PCIE 0x2331 BAR0 0x50042000000 CC settings:
2024-01-05,06:24:13.322 INFO enable = 1
2024-01-05,06:24:13.322 INFO enable-devtools = 1
2024-01-05,06:24:13.322 INFO enable-allow-inband-control = 1
2024-01-05,06:24:13.322 INFO enable-devtools-allow-inband-control = 1
Do you have any idea about this error?...