Elastic Compute Service: Build a heterogeneous confidential computing environment

Last Updated: Feb 12, 2026

This guide describes how to build a heterogeneous confidential computing environment on an Alibaba Cloud heterogeneous confidential computing instance (gn8v-tee). It also shows how to run sample code to verify the GPU confidential computing feature.

Background

Alibaba Cloud heterogeneous confidential computing instances (gn8v-tee) extend CPU TDX confidential computing instances by incorporating a GPU into the Trusted Execution Environment (TEE). This protects data transfers between the CPU and GPU, and data computation within the GPU. For information about building a CPU TDX confidential computing environment and verifying its remote attestation capabilities, see Build a TDX confidential computing environment. To deploy a large language model (LLM) inference environment on a heterogeneous confidential computing instance, see Build a measurement-enabled LLM inference environment on a heterogeneous confidential computing instance.

image

The figure above shows that the GPU on a heterogeneous confidential computing instance starts in confidential computing mode. The following mechanisms ensure the instance's confidentiality:

  1. The TDX feature ensures that the Hypervisor/Host OS cannot access the instance's sensitive registers or memory data.

  2. A PCIe firewall prevents the CPU from accessing the GPU's critical registers and protected video memory. The Hypervisor/Host OS can only perform limited operations on the GPU, such as resetting it, but cannot access sensitive data, ensuring data confidentiality on the GPU.

  3. The GPU's NVLink Firewall blocks other GPUs from directly accessing its video memory.

  4. During initialization, the GPU driver and library functions within the CPU TEE establish an encrypted channel with the GPU using the Security Protocol and Data Model (SPDM) protocol. After key negotiation is complete, only ciphertext is transmitted over PCIe between the CPU and GPU, ensuring the confidentiality of the data transfer link.

  5. The GPU's remote attestation capability confirms that the GPU is in a secure state.

    Specifically, applications in a confidential computing instance can use the Attestation software development kit (SDK) to call the GPU driver and obtain a cryptographic report of the GPU's security status from the hardware. This report contains cryptographically signed information about the GPU hardware, VBIOS, and hardware status measurements. A relying party can compare these measurements with the reference measurements provided by the GPU vendor to verify that the GPU is in a secure confidential computing state.

Usage note

Heterogeneous confidential computing requires Alibaba Cloud Linux 3 images. If you create an instance using a custom image based on Alibaba Cloud Linux 3, ensure that its kernel version is 5.10.134-18 or later.

Create a heterogeneous confidential computing instance (gn8v-tee)

Console

The process of creating a heterogeneous confidential computing instance in the console is similar to creating a standard instance but requires specific configuration options. This section highlights the key configurations for heterogeneous confidential computing instances. For details on other general configurations, see Create an instance using the wizard.

  1. Go to ECS console - Instances.

  2. In the top navigation bar, select the region and resource group of the resource that you want to manage.

  3. Click Create Instance and configure the instance with the following settings.

    | Configuration Item | Description |
    | --- | --- |
    | Region and Zone | China (Beijing) Zone L |
    | Instance Type | Only instance types ecs.gn8v-tee.4xlarge and higher are supported. |
    | Image | Select the Alibaba Cloud Linux 3.2104 LTS 64-bit image. |
    | Public IP Address | Assign Public IPv4 Address. This ensures you can download the driver from the official NVIDIA website later. |

    Important

    When creating or restarting a confidential instance with 8 GPUs, do not add additional secondary Elastic Network Interfaces (ENIs) or data disks. This can cause an instance startup failure.

    Cause and solution

    ECS instances with the TDX attribute enabled use a specific non-encrypted memory region, the Software Input Output Translation Lookaside Buffer (SWIOTLB), for peripheral communication. This memory region is limited in size. By default, its size is 6% of the instance's available memory, with a maximum of 1 GiB.

    When creating or restarting a confidential instance with 8 GPUs, attaching multiple ENIs or data disks can exhaust the SWIOTLB memory. This causes a memory allocation failure and prevents the instance from starting.

    If the instance fails to start, use one of the following solutions:

    • Solution 1: Stop the instance. Then, unbind the additional secondary ENIs and detach all data disks.

    • Solution 2: Create a new instance with only one primary ENI and no data disks. The instance should only have a system disk.

    To add multiple ENIs or attach data disks to a confidential instance with 8 GPUs, first complete Step 1 to increase the SWIOTLB buffer to 8 GB. Then, attach ENIs to the instance and attach data disks.

  4. Follow the on-screen instructions to complete the instance creation.

API/CLI

You can call the RunInstances operation or use the Alibaba Cloud CLI to create a TDX-enabled ECS instance. The key parameters are described in the table below.

| Parameter | Description | Example |
| --- | --- | --- |
| RegionId | China (Beijing) | cn-beijing |
| ZoneId | Zone L | cn-beijing-l |
| InstanceType | Select ecs.gn8v-tee.4xlarge or a larger instance type. | ecs.gn8v-tee.4xlarge |
| ImageId | Specify the ID of an image that supports confidential computing. Only 64-bit Alibaba Cloud Linux 3.2104 LTS images with a kernel version of 5.10.134-18.al8.x86_64 or later are supported. | aliyun_3_x64_20G_alibase_20250117.vhd |

CLI example:

In the command, <SECURITY_GROUP_ID> represents the security group ID, <VSWITCH_ID> represents the vSwitch ID, and <KEY_PAIR_NAME> represents the SSH key pair name.
aliyun ecs RunInstances \
  --RegionId cn-beijing \
  --ZoneId cn-beijing-l \
  --SystemDisk.Category cloud_essd \
  --ImageId 'aliyun_3_x64_20G_alibase_20250117.vhd' \
  --InstanceType 'ecs.gn8v-tee.4xlarge' \
  --SecurityGroupId '<SECURITY_GROUP_ID>' \
  --VSwitchId '<VSWITCH_ID>' \
  --KeyPairName '<KEY_PAIR_NAME>'

Build the heterogeneous confidential computing environment

Step 1: Install the NVIDIA driver and CUDA Toolkit

Important

Heterogeneous confidential computing instances take a long time to initialize. Wait until the instance status is Running and the instance's operating system has fully started.

The installation steps vary based on the instance type:

  • Single-GPU confidential instances: ecs.gn8v-tee.4xlarge and ecs.gn8v-tee.6xlarge

  • 8-GPU confidential instances: ecs.gn8v-tee-8x.16xlarge and ecs.gn8v-tee-8x.48xlarge

Single-GPU confidential instances

  1. Connect to the confidential computing instance.

    For more information, see Log on to a Linux instance using Workbench.

  2. Adjust the kernel parameters to set the SWIOTLB buffer to 8 GB.

    sudo grubby --update-kernel=ALL --args="swiotlb=4194304,any"
  3. Restart the instance to apply the changes.

    For more information, see Restart an instance.

  4. Download the NVIDIA driver and CUDA Toolkit.

    Single-GPU confidential instances require driver version 550.144.03 or later. This topic uses version 550.144.03 as an example.

    wget --referer=https://www.nvidia.cn/ https://cn.download.nvidia.cn/tesla/550.144.03/NVIDIA-Linux-x86_64-550.144.03.run
    wget https://developer.download.nvidia.com/compute/cuda/12.4.1/local_installers/cuda_12.4.1_550.54.15_linux.run
  5. Install dependencies and disable the CloudMonitor service.

    sudo yum install -y openssl3
    sudo systemctl disable cloudmonitor
    sudo systemctl stop cloudmonitor
  6. Create and configure nvidia-persistenced.service.

    cat > nvidia-persistenced.service << EOF
    [Unit]
    Description=NVIDIA Persistence Daemon
    Wants=syslog.target
    Before=cloudmonitor.service
    
    [Service]
    Type=forking
    ExecStart=/usr/bin/nvidia-persistenced --user root
    ExecStartPost=/usr/bin/nvidia-smi conf-compute -srs 1
    ExecStopPost=/bin/rm -rf /var/run/nvidia-persistenced
    
    [Install]
    WantedBy=multi-user.target
    EOF
    
    sudo cp nvidia-persistenced.service /usr/lib/systemd/system/nvidia-persistenced.service
  7. Install the NVIDIA driver and CUDA Toolkit.

    sudo bash NVIDIA-Linux-x86_64-550.144.03.run --ui=none --no-questions --accept-license --disable-nouveau --no-cc-version-check --install-libglvnd --kernel-module-build-directory=kernel-open --rebuild-initramfs
    sudo bash cuda_12.4.1_550.54.15_linux.run --silent --toolkit
  8. Start the nvidia-persistenced and CloudMonitor services.

    sudo systemctl start nvidia-persistenced.service
    sudo systemctl enable nvidia-persistenced.service
    sudo systemctl start cloudmonitor
    sudo systemctl enable cloudmonitor

8-GPU confidential instances

  1. Connect to the confidential computing instance.

    For more information, see Log on to a Linux instance using Workbench.

    Important

    Confidential computing instances have a slow initialization process. Wait for the process to complete before proceeding.

  2. Adjust the kernel parameters to set the SWIOTLB buffer to 8 GB.

    sudo grubby --update-kernel=ALL --args="swiotlb=4194304,any"
  3. Configure the loading behavior of the NVIDIA driver and regenerate the initramfs.

    sudo bash -c 'cat > /etc/modprobe.d/nvidia-lkca.conf << EOF
    install nvidia /sbin/modprobe ecdsa_generic; /sbin/modprobe ecdh; /sbin/modprobe --ignore-install nvidia
    options nvidia NVreg_RegistryDwords="RmEnableProtectedPcie=0x1"
    EOF'
    
    sudo dracut --regenerate-all -f
  4. Restart the instance to apply the changes.

    For more information, see Restart an instance.

  5. Download the NVIDIA driver and CUDA Toolkit.

    8-GPU confidential computing instances require driver version 570.148.08 or later and the corresponding version of Fabric Manager. This topic uses version 570.148.08 as an example.

    wget --referer=https://www.nvidia.cn/ https://cn.download.nvidia.cn/tesla/570.148.08/NVIDIA-Linux-x86_64-570.148.08.run
    wget https://developer.download.nvidia.com/compute/cuda/12.8.1/local_installers/cuda_12.8.1_570.124.06_linux.run
    wget https://developer.download.nvidia.cn/compute/cuda/repos/rhel8/x86_64/nvidia-fabric-manager-570.148.08-1.x86_64.rpm
  6. Install dependencies and disable the CloudMonitor service.

    sudo yum install -y openssl3
    sudo systemctl disable cloudmonitor
    sudo systemctl stop cloudmonitor
  7. Create and configure nvidia-persistenced.service.

    cat > nvidia-persistenced.service << EOF
    [Unit]
    Description=NVIDIA Persistence Daemon
    Wants=syslog.target
    Before=cloudmonitor.service
    After=nvidia-fabricmanager.service
    
    [Service]
    Type=forking
    ExecStart=/usr/bin/nvidia-persistenced --user root --uvm-persistence-mode --verbose
    ExecStartPost=/usr/bin/nvidia-smi conf-compute -srs 1
    ExecStopPost=/bin/rm -rf /var/run/nvidia-persistenced
    TimeoutStartSec=900
    TimeoutStopSec=60
    
    [Install]
    WantedBy=multi-user.target
    EOF
    
    sudo cp nvidia-persistenced.service /usr/lib/systemd/system/nvidia-persistenced.service
  8. Install Fabric Manager, the NVIDIA driver, and the CUDA Toolkit.

    sudo rpm -ivh nvidia-fabric-manager-570.148.08-1.x86_64.rpm
    sudo bash NVIDIA-Linux-x86_64-570.148.08.run --ui=none --no-questions --accept-license --disable-nouveau --no-cc-version-check --install-libglvnd --kernel-module-build-directory=kernel-open --rebuild-initramfs
    sudo bash cuda_12.8.1_570.124.06_linux.run --silent --toolkit
  9. Start and enable the nvidia-fabricmanager, nvidia-persistenced, and cloudmonitor services.

    sudo systemctl start nvidia-fabricmanager.service
    sudo systemctl enable nvidia-fabricmanager.service
    sudo systemctl start nvidia-persistenced.service
    sudo systemctl enable nvidia-persistenced.service
    sudo systemctl start cloudmonitor
    sudo systemctl enable cloudmonitor
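
The `swiotlb=` value set in Step 1 is a count of 2 KiB I/O TLB slabs, not a byte size, so 4194304 slabs is 8 GiB. The following added example (not from the original page; function names, the `--live` switch and the sample command lines are constructed for illustration) parses a kernel command line and checks that the running kernel booted with at least that much, which catches a skipped restart.

```shell
#!/bin/sh
# Added example, not from the original page. Names are illustrative.
# The swiotlb= argument counts I/O TLB slabs of 2 KiB each, so
# 4194304 slabs * 2048 bytes = 8 GiB.

SLAB_BYTES=2048

# Print the SWIOTLB size in bytes requested by a kernel command line.
# Returns 1 when there is no swiotlb=<slab count> argument, for example when
# the argument is absent or is only "swiotlb=force".
# If the argument appears more than once, the last one is used (assumption:
# later arguments override earlier ones).
swiotlb_bytes() {    # $1 = kernel command line text
    sw_slabs=$(printf '%s\n' "$1" | tr ' ' '\n' |
        sed -n 's/^swiotlb=\([0-9][0-9]*\).*$/\1/p' | tail -n 1)
    [ -n "$sw_slabs" ] || return 1
    echo $((sw_slabs * SLAB_BYTES))
}

# Succeed only if the command line requests at least the given size.
swiotlb_at_least() { # $1 = kernel command line text, $2 = required size in GiB
    sw_bytes=$(swiotlb_bytes "$1") || return 1
    [ "$sw_bytes" -ge $(($2 * 1024 * 1024 * 1024)) ]
}

# Constructed sample command lines (not captured from a real instance).
SAMPLE_AFTER_REBOOT='BOOT_IMAGE=/vmlinuz-5.10.134-18.al8.x86_64 ro swiotlb=4194304,any'
SAMPLE_BEFORE_REBOOT='BOOT_IMAGE=/vmlinuz-5.10.134-18.al8.x86_64 ro'

# With --live, check the kernel that is actually running. grubby only edits
# the boot entries, so /proc/cmdline changes only after the restart.
if [ "${1:-}" = "--live" ]; then
    if swiotlb_at_least "$(cat /proc/cmdline)" 8; then
        echo "OK: running kernel has swiotlb >= 8 GiB"
    else
        echo "FAIL: swiotlb below 8 GiB on the running kernel" >&2
        exit 1
    fi
fi
```
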

Step 2: Check the TDX status

This feature is built on TDX. First, check the instance's TDX status to verify that it is protected.

  1. Check whether TDX is enabled.

    lscpu | grep -i tdx_guest

    The following command output indicates that TDX is enabled.

  2. Check the installation of TDX-related drivers.

    ls -l /dev/tdx_guest

    The following figure shows that the TDX-related drivers are installed.

Step 3: Check the GPU confidential computing feature status

Single-GPU confidential instances

View the confidential computing feature status.

nvidia-smi conf-compute -f

CC status: ON indicates that the confidential computing feature is enabled. CC status: OFF indicates that the feature is disabled due to an instance error. If this occurs, submit a ticket.

8-GPU confidential instances

View the status of the confidential computing attribute.

nvidia-smi conf-compute -mgm

Multi-GPU Mode: Protected PCIe indicates that the multi-GPU confidential computing feature is enabled. Multi-GPU Mode: None indicates that the feature is disabled due to an instance error. If this occurs, submit a ticket.

Note

For 8-GPU confidential instances, the nvidia-smi conf-compute -f command normally returns CC status: OFF.
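
The Step 2 and Step 3 checks can be combined into one fail-closed gate that picks the GPU indicator matching the instance shape, so that `CC status: OFF` on an 8-GPU instance is not a false alarm and on a single-GPU instance is a hard failure. This is an added example, not code from the original page; the function names, the `--live` switch and the sample `lscpu` text are constructed, and the matched strings are the ones quoted above.

```shell
#!/bin/sh
# Added example, not from the original page. Names are illustrative.

# Step 2: the tdx_guest CPU flag must be reported AND the guest device node
# must exist as a character device.
tdx_guest_ok() {    # $1 = lscpu output, $2 = device path
    printf '%s\n' "$1" | grep -qi 'tdx_guest' || return 1
    [ -c "$2" ]
}

# Step 3: choose the indicator by GPU count.
gpu_cc_ok() {       # $1 = GPU count, $2 = "conf-compute -f" text, $3 = "conf-compute -mgm" text
    case "$1" in
        1)  printf '%s\n' "$2" |
                grep -Eq '^[[:space:]]*CC status:[[:space:]]*ON[[:space:]]*$' ;;
        8)  # "CC status: OFF" is normal here; Protected PCIe mode is the signal.
            printf '%s\n' "$3" |
                grep -Eq '^[[:space:]]*Multi-GPU Mode:[[:space:]]*Protected PCIe[[:space:]]*$' ;;
        *)  return 2 ;;   # unexpected GPU count: refuse rather than guess
    esac
}

# Returns 0 only when both layers are confirmed; any doubt is a failure.
cc_gate() {         # $1 lscpu text, $2 device path, $3 GPU count, $4 -f text, $5 -mgm text
    tdx_guest_ok "$1" "$2" || {
        echo "FAIL: TDX guest not active" >&2; return 1; }
    gpu_cc_ok "$3" "$4" "$5" || {
        echo "FAIL: GPU confidential mode not confirmed for $3 GPU(s)" >&2; return 1; }
    echo "OK: TDX guest active, GPU confidential mode confirmed for $3 GPU(s)"
}

# Constructed sample input (a shortened lscpu flags line, not a real capture).
SAMPLE_LSCPU='Flags: fpu vme de pse tsc msr pae tdx_guest'

# With --live, run the real commands from Step 2 and Step 3 on the instance.
if [ "${1:-}" = "--live" ]; then
    cc_gate "$(lscpu)" /dev/tdx_guest \
        "$(nvidia-smi -L | grep -c '^GPU ')" \
        "$(nvidia-smi conf-compute -f 2>/dev/null)" \
        "$(nvidia-smi conf-compute -mgm 2>/dev/null)" || exit 1
fi
```
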

Step 4: Verify GPU and NVSwitch trust by using local attestation

Single-GPU confidential instances

  1. Install the dependencies required for GPU trust.

    sudo yum install -y python3.11 python3.11-devel python3.11-pip
    sudo alternatives --install /usr/bin/python3 python3 /usr/bin/python3.11 60
    sudo alternatives --set python3 /usr/bin/python3.11
    sudo python3 -m ensurepip --upgrade
    sudo python3 -m pip install --upgrade pip
    
    sudo python3 -m pip install nv_attestation_sdk==2.5.0.post6914366 nv_local_gpu_verifier==2.5.0.post6914366 nv_ppcie_verifier==1.5.0.post6914366 -f https://attest-public-cn-beijing.oss-cn-beijing.aliyuncs.com/repo/pip/attest.html
  2. Verify the GPU's trust status.

    python3 -m verifier.cc_admin --user_mode

    The output indicates that the GPU is in confidential computing mode and that measurements such as the driver and VBIOS match their expected values:

    Full output example

    Generating nonce in the local GPU Verifier ..
    Number of GPUs available : 1
    Fetching GPU 0 information from GPU driver.
    All GPU Evidences fetched successfully
    Set OCSP_NONCE_DISABLED to True while using aliyun's OCSP service
    -----------------------------------
    Verifying GPU: GPU-e1e94012-8c7b-f9a2-d712-fc5b014f364c
            Driver version fetched : 550.144.03
            VBIOS version fetched : 96.00.cf.00.05
            Validating GPU certificate chains.
                    The firmware ID in the device certificate chain is matching with the one in the attestation report.
                    GPU attestation report certificate chain validation successful.
                            The certificate chain revocation status verification successful.
            Authenticating attestation report
                    The nonce in the SPDM GET MEASUREMENT request message is matching with the generated nonce.
                    Driver version fetched from the attestation report : 550.144.03
                    VBIOS version fetched from the attestation report : 96.00.cf.00.05
                    Attestation report signature verification successful.
                    Attestation report verification successful.
            Authenticating the RIMs.
                    Authenticating Driver RIM
                            Fetching the driver RIM from the RIM service.
                            RIM Schema validation passed.
                            driver RIM certificate chain verification successful.
                            The certificate chain revocation status verification successful.
                            driver RIM signature verification successful.
                            Driver RIM verification successful
                    Authenticating VBIOS RIM.
                            Fetching the VBIOS RIM from the RIM service.
                            RIM Schema validation passed.
                            vbios RIM certificate chain verification successful.
                            The certificate chain revocation status verification successful.
                            vbios RIM signature verification successful.
                            VBIOS RIM verification successful
            Comparing measurements (runtime vs golden)
                            The runtime measurements are matching with the golden measurements.                            
                    GPU is in expected state.
            GPU 0 with UUID GPU-e1e94012-8c7b-f9a2-d712-fc5b014f364c verified successfully.
    GPU Attestation is Successful.
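
To act on this output automatically, check more than its last line. The following added example (not part of the original page or of the NVIDIA verifier) parses the text format shown above, which is assumed to be stable, and requires that every expected GPU reached its "verified successfully" line and that the driver version taken from the attestation report meets the minimum. The function name, the `--live` switch and the two-GPU sample logs are constructed, and the check works for any GPU count.

```shell
#!/bin/sh
# Added example, not from the original page or the NVIDIA tools.

# attestation_ok LOG EXPECTED_GPUS MIN_DRIVER
# Returns 0 only if the log reports EXPECTED_GPUS GPUs, each with an attested
# driver version >= MIN_DRIVER and its own "verified successfully" line, and
# ends in the overall success line.
attestation_ok() {
    printf '%s\n' "$1" | awk -v want="$2" -v minver="$3" '
        function older(a, b,    x, y, n, m, i) {  # 1 if dotted version a < b
            n = split(a, x, "."); m = split(b, y, ".")
            for (i = 1; i <= (n > m ? n : m); i++) {
                if ((x[i] + 0) < (y[i] + 0)) return 1
                if ((x[i] + 0) > (y[i] + 0)) return 0
            }
            return 0
        }
        /Number of GPUs available :/ { avail = $NF + 0 }
        # Use the version inside the signed report, not the locally fetched one.
        /Driver version fetched from the attestation report :/ {
            reports++
            if (older($NF, minver)) bad = 1
        }
        /^[ \t]*GPU [0-9]+ with UUID GPU-[0-9a-f-]+ verified successfully\.[ \t]*$/ {
            if (seen[$5]++) bad = 1; else ok++   # the same UUID twice is an error
        }
        /^[ \t]*GPU Attestation is Successful\.[ \t]*$/ { final = 1 }
        END {
            exit (final && !bad && want + 0 > 0 && avail + 0 == want + 0 &&
                  ok + 0 == want + 0 && reports + 0 == want + 0) ? 0 : 1
        }'
}

# Constructed, shortened two-GPU log in the format shown above.
SAMPLE_OK=$(cat <<'EOF'
Number of GPUs available : 2
Verifying GPU: GPU-00000000-0000-0000-0000-000000000001
        Driver version fetched : 550.144.03
                Driver version fetched from the attestation report : 550.144.03
                Attestation report verification successful.
        GPU 0 with UUID GPU-00000000-0000-0000-0000-000000000001 verified successfully.
Verifying GPU: GPU-00000000-0000-0000-0000-000000000002
        Driver version fetched : 550.144.03
                Driver version fetched from the attestation report : 550.144.03
                Attestation report verification successful.
        GPU 1 with UUID GPU-00000000-0000-0000-0000-000000000002 verified successfully.
GPU Attestation is Successful.
EOF
)

# Constructed incomplete log: the final line is present but GPU 1 never
# reached its "verified successfully" line.
SAMPLE_INCOMPLETE=$(printf '%s\n' "$SAMPLE_OK" | grep -v 'GPU 1 with UUID')

# With --live, run the verifier from this step on a single-GPU instance.
if [ "${1:-}" = "--live" ]; then
    attestation_ok "$(python3 -m verifier.cc_admin --user_mode 2>&1)" 1 550.144.03 || {
        echo "FAIL: GPU attestation not confirmed" >&2; exit 1; }
    echo "OK: GPU attestation confirmed"
fi
```
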

8-GPU confidential instances

  1. Install the dependencies required for GPU trust.

    sudo yum install -y python3.11 python3.11-devel python3.11-pip
    sudo alternatives --install /usr/bin/python3 python3 /usr/bin/python3.11 60
    sudo alternatives --set python3 /usr/bin/python3.11
    sudo python3 -m ensurepip --upgrade
    sudo python3 -m pip install --upgrade pip
    
    sudo python3 -m pip install nv_attestation_sdk==2.5.0.post6914366 nv_local_gpu_verifier==2.5.0.post6914366 nv_ppcie_verifier==1.5.0.post6914366 -f https://attest-public-cn-beijing.oss-cn-beijing.aliyuncs.com/repo/pip/attest.html
  2. Install NVSwitch-related dependencies.

    wget https://developer.download.nvidia.cn/compute/cuda/repos/rhel8/x86_64/libnvidia-nscq-570-570.148.08-1.x86_64.rpm
    sudo rpm -ivh libnvidia-nscq-570-570.148.08-1.x86_64.rpm
  3. Run the following command to verify the GPU/NVSwitch trust status.

    python3 -m ppcie.verifier.verification --gpu-attestation-mode=LOCAL --switch-attestation-mode=LOCAL

    The sample code verifies eight GPUs and four NVSwitches. An output of SUCCESS indicates that the verification is successful:

    Full output example

    **************************************************
    *    PPCIE: Starting PPCIE Verification Tool    *
    **************************************************
    **************************************************
    *          PPCIE: Number of GPUs are: 8          *
    **************************************************
    **************************************************
    *       PPCIE: Number of NVSwitches are: 4       *
    **************************************************
    Nonce generated: 006a638b032ae5eed158d6584dd13429de5743ce36498e60b7256703ce6a68ae
    Number of GPUs available : 8
    Fetching GPU 0 information from GPU driver.
    Fetching GPU 1 information from GPU driver.
    Fetching GPU 2 information from GPU driver.
    Fetching GPU 3 information from GPU driver.
    Fetching GPU 4 information from GPU driver.
    Fetching GPU 5 information from GPU driver.
    Fetching GPU 6 information from GPU driver.
    Fetching GPU 7 information from GPU driver.
    All GPU Evidences fetched successfully
    **************************************************
    *           PPCIE: Attesting the GPUs           *
    **************************************************
    Set OCSP_NONCE_DISABLED to True while using aliyun's OCSP service
    -----------------------------------
    Verifying GPU: GPU-db98b8e0-51c7-d188-99ec-6755455abcd9
            Driver version fetched : 570.148.08
            VBIOS version fetched : 96.00.cf.00.05
            Validating GPU certificate chains.
                    The firmware ID in the device certificate chain is matching with the one in the attestation report.
                    GPU attestation report certificate chain validation successful.
                            The certificate chain revocation status verification successful.
            Authenticating attestation report
                    The nonce in the SPDM GET MEASUREMENT request message is matching with the generated nonce.
                    Driver version fetched from the attestation report : 570.148.08
                    VBIOS version fetched from the attestation report : 96.00.cf.00.05
                    Attestation report signature verification successful.
                    Attestation report verification successful.
            Authenticating the RIMs.
                    Authenticating Driver RIM
                            Fetching the driver RIM from the RIM service.
                            RIM Schema validation passed.
                            driver RIM certificate chain verification successful.
                            The certificate chain revocation status verification successful.
                            driver RIM signature verification successful.
                            Driver RIM verification successful
                    Authenticating VBIOS RIM.
                            Fetching the VBIOS RIM from the RIM service.
                            RIM Schema validation passed.
                            vbios RIM certificate chain verification successful.
                            The certificate chain revocation status verification successful.
                            vbios RIM signature verification successful.
                            VBIOS RIM verification successful
            Comparing measurements (runtime vs golden)
                            The runtime measurements are matching with the golden measurements.                            
                    GPU is in expected state.
            GPU 0 with UUID GPU-db98b8e0-51c7-d188-99ec-6755455abcd9 verified successfully.
    -----------------------------------
    Verifying GPU: GPU-d5372674-da51-fe3c-29f7-034c6aad55bd
            Driver version fetched : 570.148.08
            VBIOS version fetched : 96.00.cf.00.05
            Validating GPU certificate chains.
                    The firmware ID in the device certificate chain is matching with the one in the attestation report.
                    GPU attestation report certificate chain validation successful.
                            The certificate chain revocation status verification successful.
            Authenticating attestation report
                    The nonce in the SPDM GET MEASUREMENT request message is matching with the generated nonce.
                    Driver version fetched from the attestation report : 570.148.08
                    VBIOS version fetched from the attestation report : 96.00.cf.00.05
                    Attestation report signature verification successful.
                    Attestation report verification successful.
            Authenticating the RIMs.
                    Authenticating Driver RIM
                            Fetching the driver RIM from the RIM service.
                            RIM Schema validation passed.
                            driver RIM certificate chain verification successful.
                            The certificate chain revocation status verification successful.
                            driver RIM signature verification successful.
                            Driver RIM verification successful
                    Authenticating VBIOS RIM.
                            Fetching the VBIOS RIM from the RIM service.
                            RIM Schema validation passed.
                            vbios RIM certificate chain verification successful.
                            The certificate chain revocation status verification successful.
                            vbios RIM signature verification successful.
                            VBIOS RIM verification successful
            Comparing measurements (runtime vs golden)
                            The runtime measurements are matching with the golden measurements.                            
                    GPU is in expected state.
            GPU 1 with UUID GPU-d5372674-da51-fe3c-29f7-034c6aad55bd verified successfully.
    -----------------------------------
    Verifying GPU: GPU-3865b295-1fd1-a21a-a4d3-07bc47ff31ca
            Driver version fetched : 570.148.08
            VBIOS version fetched : 96.00.cf.00.05
            Validating GPU certificate chains.
                    The firmware ID in the device certificate chain is matching with the one in the attestation report.
                    GPU attestation report certificate chain validation successful.
                            The certificate chain revocation status verification successful.
            Authenticating attestation report
                    The nonce in the SPDM GET MEASUREMENT request message is matching with the generated nonce.
                    Driver version fetched from the attestation report : 570.148.08
                    VBIOS version fetched from the attestation report : 96.00.cf.00.05
                    Attestation report signature verification successful.
                    Attestation report verification successful.
            Authenticating the RIMs.
                    Authenticating Driver RIM
                            Fetching the driver RIM from the RIM service.
                            RIM Schema validation passed.
                            driver RIM certificate chain verification successful.
                            The certificate chain revocation status verification successful.
                            driver RIM signature verification successful.
                            Driver RIM verification successful
                    Authenticating VBIOS RIM.
                            Fetching the VBIOS RIM from the RIM service.
                            RIM Schema validation passed.
                            vbios RIM certificate chain verification successful.
                            The certificate chain revocation status verification successful.
                            vbios RIM signature verification successful.
                            VBIOS RIM verification successful
            Comparing measurements (runtime vs golden)
                            The runtime measurements are matching with the golden measurements.                            
                    GPU is in expected state.
            GPU 2 with UUID GPU-3865b295-1fd1-a21a-a4d3-07bc47ff31ca verified successfully.
    -----------------------------------
    Verifying GPU: GPU-98377e04-ff60-ecac-beb5-28b3e8005c64
            Driver version fetched : 570.148.08
            VBIOS version fetched : 96.00.cf.00.05
            Validating GPU certificate chains.
                    The firmware ID in the device certificate chain is matching with the one in the attestation report.
                    GPU attestation report certificate chain validation successful.
                            The certificate chain revocation status verification successful.
            Authenticating attestation report
                    The nonce in the SPDM GET MEASUREMENT request message is matching with the generated nonce.
                    Driver version fetched from the attestation report : 570.148.08
                    VBIOS version fetched from the attestation report : 96.00.cf.00.05
                    Attestation report signature verification successful.
                    Attestation report verification successful.
            Authenticating the RIMs.
                    Authenticating Driver RIM
                            Fetching the driver RIM from the RIM service.
                            RIM Schema validation passed.
                            driver RIM certificate chain verification successful.
                            The certificate chain revocation status verification successful.
                            driver RIM signature verification successful.
                            Driver RIM verification successful
                    Authenticating VBIOS RIM.
                            Fetching the VBIOS RIM from the RIM service.
                            RIM Schema validation passed.
                            vbios RIM certificate chain verification successful.
                            The certificate chain revocation status verification successful.
                            vbios RIM signature verification successful.
                            VBIOS RIM verification successful
            Comparing measurements (runtime vs golden)
                            The runtime measurements are matching with the golden measurements.                            
                    GPU is in expected state.
            GPU 3 with UUID GPU-98377e04-ff60-ecac-beb5-28b3e8005c64 verified successfully.
    -----------------------------------
    Verifying GPU: GPU-ecab3a2a-0cb3-eebd-6a46-b941338b9e5f
            Driver version fetched : 570.148.08
            VBIOS version fetched : 96.00.cf.00.05
            Validating GPU certificate chains.
                    The firmware ID in the device certificate chain is matching with the one in the attestation report.
                    GPU attestation report certificate chain validation successful.
                            The certificate chain revocation status verification successful.
            Authenticating attestation report
                    The nonce in the SPDM GET MEASUREMENT request message is matching with the generated nonce.
                    Driver version fetched from the attestation report : 570.148.08
                    VBIOS version fetched from the attestation report : 96.00.cf.00.05
                    Attestation report signature verification successful.
                    Attestation report verification successful.
            Authenticating the RIMs.
                    Authenticating Driver RIM
                            Fetching the driver RIM from the RIM service.
                            RIM Schema validation passed.
                            driver RIM certificate chain verification successful.
                            The certificate chain revocation status verification successful.
                            driver RIM signature verification successful.
                            Driver RIM verification successful
                    Authenticating VBIOS RIM.
                            Fetching the VBIOS RIM from the RIM service.
                            RIM Schema validation passed.
                            vbios RIM certificate chain verification successful.
                            The certificate chain revocation status verification successful.
                            vbios RIM signature verification successful.
                            VBIOS RIM verification successful
            Comparing measurements (runtime vs golden)
                            The runtime measurements are matching with the golden measurements.                            
                    GPU is in expected state.
            GPU 4 with UUID GPU-ecab3a2a-0cb3-eebd-6a46-b941338b9e5f verified successfully.
    -----------------------------------
    Verifying GPU: GPU-91acee11-dd57-920c-c2f9-0b67fc4540d6
            Driver version fetched : 570.148.08
            VBIOS version fetched : 96.00.cf.00.05
            Validating GPU certificate chains.
                    The firmware ID in the device certificate chain is matching with the one in the attestation report.
                    GPU attestation report certificate chain validation successful.
                            The certificate chain revocation status verification successful.
            Authenticating attestation report
                    The nonce in the SPDM GET MEASUREMENT request message is matching with the generated nonce.
                    Driver version fetched from the attestation report : 570.148.08
                    VBIOS version fetched from the attestation report : 96.00.cf.00.05
                    Attestation report signature verification successful.
                    Attestation report verification successful.
            Authenticating the RIMs.
                    Authenticating Driver RIM
                            Fetching the driver RIM from the RIM service.
                            RIM Schema validation passed.
                            driver RIM certificate chain verification successful.
                            The certificate chain revocation status verification successful.
                            driver RIM signature verification successful.
                            Driver RIM verification successful
                    Authenticating VBIOS RIM.
                            Fetching the VBIOS RIM from the RIM service.
                            RIM Schema validation passed.
                            vbios RIM certificate chain verification successful.
                            The certificate chain revocation status verification successful.
                            vbios RIM signature verification successful.
                            VBIOS RIM verification successful
            Comparing measurements (runtime vs golden)
                            The runtime measurements are matching with the golden measurements.                            
                    GPU is in expected state.
            GPU 5 with UUID GPU-91acee11-dd57-920c-c2f9-0b67fc4540d6 verified successfully.
    -----------------------------------
    Verifying GPU: GPU-84370594-42f5-cbbe-a71c-b6d22ba45b65
            Driver version fetched : 570.148.08
            VBIOS version fetched : 96.00.cf.00.05
            Validating GPU certificate chains.
                    The firmware ID in the device certificate chain is matching with the one in the attestation report.
                    GPU attestation report certificate chain validation successful.
                            The certificate chain revocation status verification successful.
            Authenticating attestation report
                    The nonce in the SPDM GET MEASUREMENT request message is matching with the generated nonce.
                    Driver version fetched from the attestation report : 570.148.08
                    VBIOS version fetched from the attestation report : 96.00.cf.00.05
                    Attestation report signature verification successful.
                    Attestation report verification successful.
            Authenticating the RIMs.
                    Authenticating Driver RIM
                            Fetching the driver RIM from the RIM service.
                            RIM Schema validation passed.
                            driver RIM certificate chain verification successful.
                            The certificate chain revocation status verification successful.
                            driver RIM signature verification successful.
                            Driver RIM verification successful
                    Authenticating VBIOS RIM.
                            Fetching the VBIOS RIM from the RIM service.
                            RIM Schema validation passed.
                            vbios RIM certificate chain verification successful.
                            The certificate chain revocation status verification successful.
                            vbios RIM signature verification successful.
                            VBIOS RIM verification successful
            Comparing measurements (runtime vs golden)
                            The runtime measurements are matching with the golden measurements.                            
                    GPU is in expected state.
            GPU 6 with UUID GPU-84370594-42f5-cbbe-a71c-b6d22ba45b65 verified successfully.
    -----------------------------------
    Verifying GPU: GPU-4d8767db-a4ed-4ec1-d863-6c7635366dd1
            Driver version fetched : 570.148.08
            VBIOS version fetched : 96.00.cf.00.05
            Validating GPU certificate chains.
                    The firmware ID in the device certificate chain is matching with the one in the attestation report.
                    GPU attestation report certificate chain validation successful.
                            The certificate chain revocation status verification successful.
            Authenticating attestation report
                    The nonce in the SPDM GET MEASUREMENT request message is matching with the generated nonce.
                    Driver version fetched from the attestation report : 570.148.08
                    VBIOS version fetched from the attestation report : 96.00.cf.00.05
                    Attestation report signature verification successful.
                    Attestation report verification successful.
            Authenticating the RIMs.
                    Authenticating Driver RIM
                            Fetching the driver RIM from the RIM service.
                            RIM Schema validation passed.
                            driver RIM certificate chain verification successful.
                            The certificate chain revocation status verification successful.
                            driver RIM signature verification successful.
                            Driver RIM verification successful
                    Authenticating VBIOS RIM.
                            Fetching the VBIOS RIM from the RIM service.
                            RIM Schema validation passed.
                            vbios RIM certificate chain verification successful.
                            The certificate chain revocation status verification successful.
                            vbios RIM signature verification successful.
                            VBIOS RIM verification successful
            Comparing measurements (runtime vs golden)
                            The runtime measurements are matching with the golden measurements.                            
                    GPU is in expected state.
            GPU 7 with UUID GPU-4d8767db-a4ed-4ec1-d863-6c7635366dd1 verified successfully.
    GPU Attestation is Successful.
    **************************************************
    *      PPCIE: GPU Attestation result: True      *
    **************************************************
    **************************************************
    *        PPCIE: GPU Attestation Completed        *
    **************************************************
    Nonce generated: 2c345829a31f1650d6185413183b6878c578759c2ef9b4f1f0ed313d38f6c7c3
    Getting evidence details for SWX-F6E1D86E-20D5-7BE5-85AD-E5EF52A80504
    Getting evidence details for SWX-C9296F62-ECDB-F271-3C5A-D7F03F733A4C
    Getting evidence details for SWX-15D9CFBE-E466-0EC5-364C-9EAA0671C686
    Getting evidence details for SWX-4D9DEC0E-C8BC-5CC5-F664-96D874434D05
    All nvSwitch Evidences fetched successfully
    **************************************************
    *         PPCIE: Attesting the switches         *
    **************************************************
    Set ocsp_nonce_disabled to True while using aliyun's OCSP service
    -----------------------------------
    Verifying Switch : 0
    NVSwitch info fetched successfully.
            Validating Switch certificate chains.
                    nvSwitch attestation report certificate chain validation successful.
    send_ocsp_request called.
    send_ocsp_request completed successfully
    send_ocsp_request called.
    send_ocsp_request completed successfully
    send_ocsp_request called.
    send_ocsp_request completed successfully
                            The certificate chain revocation status verification successful.
            Authenticating attestation report
                    The nonce in the SPDM GET MEASUREMENT request message is matching with the generated nonce.
                    VBIOS version fetched from the attestation report : 96.10.6D.00.01
    VBIOS version in attestation report is matching.
                    Attestation report signature verification successful.
                    Attestation report verification successful.
            Authenticating the RIMs.
                    Authenticating VBIOS RIM.
                            Fetching the VBIOS RIM from the RIM service.
    fetch_rim_file called.
    fetch_rim_file completed successfully
                            RIM Schema validation passed.
                            vbios RIM certificate chain verification successful.
    send_ocsp_request called.
    send_ocsp_request completed successfully
    send_ocsp_request called.
    send_ocsp_request completed successfully
    send_ocsp_request called.
    send_ocsp_request completed successfully
                            The certificate chain revocation status verification successful.
                            vbios RIM signature verification successful.
                            VBIOS RIM verification successful
            Comparing measurements (runtime vs golden)
                            The runtime measurements are matching with the golden measurements.                            
                    Switch is in expected state.
            nvSwitch 0 verified successfully.
    -----------------------------------
    Verifying Switch : 1
    NVSwitch info fetched successfully.
            Validating Switch certificate chains.
                    nvSwitch attestation report certificate chain validation successful.
    send_ocsp_request called.
    send_ocsp_request completed successfully
                            The certificate chain revocation status verification successful.
            Authenticating attestation report
                    The nonce in the SPDM GET MEASUREMENT request message is matching with the generated nonce.
                    VBIOS version fetched from the attestation report : 96.10.6D.00.01
    VBIOS version in attestation report is matching.
                    Attestation report signature verification successful.
                    Attestation report verification successful.
            Authenticating the RIMs.
                    Authenticating VBIOS RIM.
                            Fetching the VBIOS RIM from the RIM service.
    fetch_rim_file called.
    fetch_rim_file completed successfully
                            RIM Schema validation passed.
                            vbios RIM certificate chain verification successful.
                            The certificate chain revocation status verification successful.
                            vbios RIM signature verification successful.
                            VBIOS RIM verification successful
            Comparing measurements (runtime vs golden)
                            The runtime measurements are matching with the golden measurements.                            
                    Switch is in expected state.
            nvSwitch 1 verified successfully.
    -----------------------------------
    Verifying Switch : 2
    NVSwitch info fetched successfully.
            Validating Switch certificate chains.
                    nvSwitch attestation report certificate chain validation successful.
    send_ocsp_request called.
    send_ocsp_request completed successfully
                            The certificate chain revocation status verification successful.
            Authenticating attestation report
                    The nonce in the SPDM GET MEASUREMENT request message is matching with the generated nonce.
                    VBIOS version fetched from the attestation report : 96.10.6D.00.01
    VBIOS version in attestation report is matching.
                    Attestation report signature verification successful.
                    Attestation report verification successful.
            Authenticating the RIMs.
                    Authenticating VBIOS RIM.
                            Fetching the VBIOS RIM from the RIM service.
    fetch_rim_file called.
    fetch_rim_file completed successfully
                            RIM Schema validation passed.
                            vbios RIM certificate chain verification successful.
                            The certificate chain revocation status verification successful.
                            vbios RIM signature verification successful.
                            VBIOS RIM verification successful
            Comparing measurements (runtime vs golden)
                            The runtime measurements are matching with the golden measurements.                            
                    Switch is in expected state.
            nvSwitch 2 verified successfully.
    -----------------------------------
    Verifying Switch : 3
    NVSwitch info fetched successfully.
            Validating Switch certificate chains.
                    nvSwitch attestation report certificate chain validation successful.
    send_ocsp_request called.
    send_ocsp_request completed successfully
                            The certificate chain revocation status verification successful.
            Authenticating attestation report
                    The nonce in the SPDM GET MEASUREMENT request message is matching with the generated nonce.
                    VBIOS version fetched from the attestation report : 96.10.6D.00.01
    VBIOS version in attestation report is matching.
                    Attestation report signature verification successful.
                    Attestation report verification successful.
            Authenticating the RIMs.
                    Authenticating VBIOS RIM.
                            Fetching the VBIOS RIM from the RIM service.
    fetch_rim_file called.
    fetch_rim_file completed successfully
                            RIM Schema validation passed.
                            vbios RIM certificate chain verification successful.
                            The certificate chain revocation status verification successful.
                            vbios RIM signature verification successful.
                            VBIOS RIM verification successful
            Comparing measurements (runtime vs golden)
                            The runtime measurements are matching with the golden measurements.                            
                    Switch is in expected state.
            nvSwitch 3 verified successfully.
    All nvSwitches Attested Successfully
    **************************************************
    *    PPCIE: Switch attestation result is True    *
    **************************************************
    **************************************************
    *      PPCIE: Switch Attestation Completed      *
    **************************************************
    **************************************************
    *           PPCIE: GPU state is READY           *
    **************************************************
    +--------------------+---------+
    |       STAGE        |  STATUS |
    +--------------------+---------+
    |   GPU Pre-checks   | SUCCESS |
    | Switch Pre-checks  | SUCCESS |
    |  GPU Attestation   | SUCCESS |
    | Switch Attestation | SUCCESS |
    |  Topology checks   | SUCCESS |
    +--------------------+---------+
    **************************************************
    *     PPCIE: End of PPCIE Verification Tool     *
    **************************************************
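
The following added example (not part of the original page or of NVIDIA's tooling) shows one way to gate a workload on the verifier output above, failing closed if any stage row is missing or not SUCCESS. It assumes the tool's output keeps the format of the sample shown; the function names, the expected-count arguments and the abbreviated sample with made-up UUIDs are hypothetical.

```shell
#!/usr/bin/env bash
# Added example: fail closed unless the PPCIE verifier output reports success.
# Assumption: the output has the format of the sample shown above.

REQUIRED_STAGES="GPU Pre-checks,Switch Pre-checks,GPU Attestation,Switch Attestation,Topology checks"

# Reads verifier output on stdin. Returns 0 only if every required stage row
# is present with status SUCCESS and no stage row carries any other status.
ppcie_summary_ok() {
    awk -v required="$REQUIRED_STAGES" '
        BEGIN { n = split(required, want, ","); FS = "|" }
        NF == 4 {                       # table row: | stage | status |
            stage = $2; status = $3
            gsub(/^[ \t]+|[ \t]+$/, "", stage)
            gsub(/^[ \t]+|[ \t]+$/, "", status)
            if (stage == "STAGE") next  # header row
            seen[stage] = status
            if (status != "SUCCESS") bad = 1
        }
        END {
            for (i = 1; i <= n; i++)
                if (seen[want[i]] != "SUCCESS") bad = 1
            exit (bad ? 1 : 0)
        }'
}

# ppcie_gate EXPECTED_GPUS EXPECTED_SWITCHES < verifier-output
# Also requires both result banners and the expected number of verified devices.
ppcie_gate() {
    pg_out=$(cat)
    printf '%s\n' "$pg_out" | ppcie_summary_ok || return 1
    printf '%s\n' "$pg_out" | grep -q 'PPCIE: GPU Attestation result: True' || return 1
    printf '%s\n' "$pg_out" | grep -q 'PPCIE: Switch attestation result is True' || return 1
    pg_gpus=$(printf '%s\n' "$pg_out" | grep -c 'GPU [0-9][0-9]* with UUID GPU-[0-9a-f-]* verified successfully' || true)
    pg_sw=$(printf '%s\n' "$pg_out" | grep -c 'nvSwitch [0-9][0-9]* verified successfully' || true)
    [ "$pg_gpus" -eq "$1" ] && [ "$pg_sw" -eq "$2" ]
}

# Constructed, abbreviated sample (2 GPUs, 1 switch; UUIDs are made up).
sample_output() {
    cat <<'EOF'
        GPU 0 with UUID GPU-00000000-0000-0000-0000-000000000000 verified successfully.
        GPU 1 with UUID GPU-11111111-1111-1111-1111-111111111111 verified successfully.
    *      PPCIE: GPU Attestation result: True      *
        nvSwitch 0 verified successfully.
    *    PPCIE: Switch attestation result is True    *
    +--------------------+---------+
    |       STAGE        |  STATUS |
    +--------------------+---------+
    |   GPU Pre-checks   | SUCCESS |
    | Switch Pre-checks  | SUCCESS |
    |  GPU Attestation   | SUCCESS |
    | Switch Attestation | SUCCESS |
    |  Topology checks   | SUCCESS |
    +--------------------+---------+
EOF
}

sample_output | ppcie_gate 2 1 && echo "attestation gate: pass"
```

For the 8-GPU output shown above, the expected counts would be 8 GPUs and 4 switches.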

Limitations

  • Because this feature is built on TDX, it inherits the limitations of TDX confidential computing instances. For more information, see Known limitations of TDX instances.

  • After the GPU confidential computing feature is enabled, data transferred between the CPU and GPU must be encrypted and decrypted. This overhead makes GPU-related tasks slower than on non-confidential heterogeneous instances.

Usage notes

  1. Single-GPU instances use CUDA 12.4. The NVIDIA cuBLAS library has a known issue that may cause errors when you run CUDA or LLM tasks. To resolve this, install the following version of cuBLAS:

    pip3 install nvidia-cublas-cu12==12.4.5.8
  2. After the GPU confidential computing feature is enabled, the initialization process is slow, especially for 8-GPU instances. After the guest OS starts, verify that the nvidia-persistenced service has finished starting before you run nvidia-smi or any other command that uses the GPU. To check the status of the nvidia-persistenced service, run the following command:

    systemctl status nvidia-persistenced | grep "Active: "
    • activating (start) indicates that the service is starting.

      Active: activating (start) since Wed 2025-02-19 10:07:54 CST; 2min 20s ago
    • active (running) indicates that the service is running.

      Active: active (running) since Wed 2025-02-19 10:10:28 CST; 22s ago
  3. Any auto-start service that uses the GPU, such as cloudmonitor.service, nvidia-cdi-refresh.service (from the nvidia-container-toolkit-base package), or ollama.service, must be configured to start after nvidia-persistenced.service.

    The following is an example configuration for /usr/lib/systemd/system/nvidia-persistenced.service:

    [Unit]
    Description=NVIDIA Persistence Daemon
    Wants=syslog.target
    Before=cloudmonitor.service nvidia-cdi-refresh.service ollama.service
    After=nvidia-fabricmanager.service
    
    [Service]
    Type=forking
    ExecStart=/usr/bin/nvidia-persistenced --user root --uvm-persistence-mode --verbose
    ExecStartPost=/usr/bin/nvidia-smi conf-compute -srs 1
    ExecStopPost=/bin/rm -rf /var/run/nvidia-persistenced
    TimeoutStartSec=900
    TimeoutStopSec=60
    
    [Install]
    WantedBy=multi-user.target
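
One way to script the readiness check from usage note 2, so that interactive sessions and ad hoc jobs do not touch the GPU while the service is still activating. This is an added example, not code from the original page; the function name and the `PERSISTENCED_STATE_CMD` override (used for offline testing) are hypothetical, and the 900-second default mirrors `TimeoutStartSec` in the unit above.

```shell
#!/usr/bin/env bash
# Added example: block until nvidia-persistenced is active before using the GPU.

# wait_for_persistenced [TIMEOUT_SECONDS] [POLL_INTERVAL_SECONDS]
# Returns 0 when the service is active,
#         1 when it is still activating after the timeout,
#         2 when it is in any other state (failed, inactive, unknown), since
#           waiting longer will not help in that case.
wait_for_persistenced() {
    wfp_timeout=${1:-900}
    wfp_interval=${2:-5}
    wfp_waited=0
    while :; do
        # `systemctl is-active` prints the state and exits non-zero unless
        # the unit is active, so the exit status is ignored here.
        wfp_state=$(${PERSISTENCED_STATE_CMD:-systemctl is-active nvidia-persistenced} 2>/dev/null || true)
        case "$wfp_state" in
            active)     return 0 ;;
            activating) ;;                      # keep polling
            *)  echo "nvidia-persistenced state is '${wfp_state}', giving up" >&2
                return 2 ;;
        esac
        if [ "$wfp_waited" -ge "$wfp_timeout" ]; then
            echo "nvidia-persistenced still activating after ${wfp_waited}s" >&2
            return 1
        fi
        sleep "$wfp_interval"
        wfp_waited=$((wfp_waited + wfp_interval))
    done
}

# Typical use (not executed here):
#   wait_for_persistenced 900 5 && nvidia-smi
```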