opensource/cocos
1
0
Fork 0
mirror of https://github.com/ultravioletrs/cocos.git synced 2026-06-23 04:10:25 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Refactored baed on comments

Browse Source
This commit is contained in:
Jovan Djukic
2026-05-04 11:50:48 +02:00
parent ae14cc2165
commit d30593ce4d
9 changed files with 606 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files
.gitignore
+1
View File
@@ -19,6 +19,7 @@ target/
# Remove Cargo.lock from gitignore if creating an executable, leave it for libraries
# More information here https://doc.rust-lang.org/cargo/guide/cargo-toml-vs-cargo-lock.html
Cargo.lock
!tools/nvidia-attestation-helper/Cargo.lock
# These are backup files generated by rustfmt
**/*.rs.bk
Makefile
+1 -1
View File
@@ -41,7 +41,7 @@ NVIDIA_ATTESTATION_HELPER_RUSTFLAGS = $(strip $(RUSTFLAGS) $(if $(filter 1,$(NVA
.PHONY: all $(SERVICES) $(NVIDIA_ATTESTATION_HELPER) nvidia-attestation-helper-prereqs install clean
all: $(SERVICES) $(NVIDIA_ATTESTATION_HELPER)
all: $(SERVICES)
$(BUILD_DIR):
mkdir -p $(BUILD_DIR)
cmd/attestation-service/gpu.go
+1 -1
View File
@@ -45,7 +45,7 @@ func (s *service) claimOptions(ctx context.Context, req *attestationpb.Attestati
opts = append(opts, eat.WithGPU(&eat.GPUExtensions{
Vendor: evidence.Vendor,
EvidenceFormat: evidence.EvidenceFormat,
Nonce: evidence.Nonce,
Nonce: gpuNonce,
EvidenceJSON: evidence.RawEvidence,
}))
}
pkg/atls/evidence_verifier.go
+18
View File
@@ -6,8 +6,11 @@ package atls
import (
"bytes"
"crypto/sha256"
"encoding/hex"
"encoding/json"
"fmt"
"os"
"strings"
"time"
eaattestation "github.com/ultravioletrs/cocos/pkg/atls/eaattestation"
@@ -141,6 +144,21 @@ func (v *policyEvidenceVerifier) verifyGPUEvidence(claims *eat.EATClaims, manife
return fmt.Errorf("atls: gpu nonce binding mismatch")
}
// Guard against replay: a stale self-consistent EvidenceJSON blob can be
// paired with a rewritten outer Nonce unless the inner nonce is also checked.
var envelopes []struct {
Nonce string `json:"nonce"`
}
if err := json.Unmarshal(claims.GPUExtensions.EvidenceJSON, &envelopes); err != nil {
return fmt.Errorf("atls: failed to parse GPU evidence JSON: %w", err)
}
if len(envelopes) == 0 || strings.TrimSpace(envelopes[0].Nonce) == "" {
return fmt.Errorf("atls: GPU evidence JSON missing nonce")
}
if envelopes[0].Nonce != hex.EncodeToString(expectedNonce[:]) {
return fmt.Errorf("atls: gpu evidence nonce mismatch")
}
verifier, err := v.newGPUVerifier()
if err != nil {
return err
pkg/attestation/eat/eat.go
+3
View File
@@ -161,6 +161,9 @@ func NewEATClaims(report []byte, nonce []byte, platformType attestation.Platform
}
for _, opt := range opts {
if opt == nil {
continue
}
if err := opt(claims); err != nil {
return nil, err
}
pkg/attestation/gpu/verifier.go
+106 -5
View File
@@ -6,6 +6,7 @@ package gpu
import (
"bytes"
"context"
"crypto/sha256"
"encoding/json"
"fmt"
"os/exec"
@@ -13,6 +14,7 @@ import (
"time"
"github.com/ultravioletrs/cocos/pkg/attestation"
"github.com/veraison/corim/comid"
"github.com/veraison/corim/corim"
)
@@ -33,6 +35,27 @@ type evidenceEnvelope struct {
Nonce string `json:"nonce"`
}
// gpuDeviceClaims mirrors the per-device object produced by the NVIDIA
// attestation helper's verify mode (e.g. "GPU-0": { ... }).
type gpuDeviceClaims struct {
HWModel string `json:"hwmodel"`
OEMID string `json:"oemid"`
DriverVersion string `json:"x-nvidia-gpu-driver-version"`
VBIOSVersion string `json:"x-nvidia-gpu-vbios-version"`
SecBoot bool `json:"secboot"`
DebugStatus string `json:"dbgstat"`
MeasurementResult string `json:"measres"`
NonceMatch bool `json:"x-nvidia-gpu-attestation-report-nonce-match"`
SigVerified bool `json:"x-nvidia-gpu-attestation-report-signature-verified"`
FWIDMatch bool `json:"x-nvidia-gpu-attestation-report-cert-chain-fwid-match"`
ArchCheck bool `json:"x-nvidia-gpu-arch-check"`
DriverRIMSigVerified bool `json:"x-nvidia-gpu-driver-rim-signature-verified"`
VBIOSRIMSigVerified bool `json:"x-nvidia-gpu-vbios-rim-signature-verified"`
DriverRIMVersionMatch bool `json:"x-nvidia-gpu-driver-rim-version-match"`
VBIOSRIMVersionMatch bool `json:"x-nvidia-gpu-vbios-rim-version-match"`
AttestationWarning *string `json:"x-nvidia-attestation-warning"`
}
func NewVerifier(binaryPath string, timeout time.Duration) (attestation.Verifier, error) {
if strings.TrimSpace(binaryPath) == "" {
binaryPath = DefaultVerifierBinary
@@ -98,14 +121,92 @@ func (v *verifier) VerifyWithCoRIM(report []byte, manifest *corim.UnsignedCorim)
return fmt.Errorf("gpu verifier response did not contain claims_json")
}
// NVIDIA attestation currently performs its own evidence-policy appraisal
// and returns claims/detached EAT. We keep the attestation.Verifier
// interface by treating manifest integration as a follow-up layer.
_ = manifest
var deviceClaims map[string]gpuDeviceClaims
if err := json.Unmarshal(resp.ClaimsJSON, &deviceClaims); err != nil {
return fmt.Errorf("gpu: failed to parse claims JSON: %w", err)
}
return appraiseGPUClaims(deviceClaims, manifest)
}
// appraiseGPUClaims checks mandatory security flags on every device, then
// matches each device's identity against CoRIM reference values when a
// manifest is provided.
func appraiseGPUClaims(devices map[string]gpuDeviceClaims, manifest *corim.UnsignedCorim) error {
for id, c := range devices {
if !c.SecBoot {
return fmt.Errorf("gpu: %s: secure boot not enabled", id)
}
if c.DebugStatus != "disabled" {
return fmt.Errorf("gpu: %s: debug not disabled (got %q)", id, c.DebugStatus)
}
if c.MeasurementResult != "success" {
return fmt.Errorf("gpu: %s: measurement result not success (got %q)", id, c.MeasurementResult)
}
if !c.NonceMatch || !c.SigVerified || !c.FWIDMatch || !c.ArchCheck ||
!c.DriverRIMSigVerified || !c.VBIOSRIMSigVerified ||
!c.DriverRIMVersionMatch || !c.VBIOSRIMVersionMatch {
return fmt.Errorf("gpu: %s: one or more attestation verification flags are false", id)
}
if c.AttestationWarning != nil {
return fmt.Errorf("gpu: %s: attestation warning: %s", id, *c.AttestationWarning)
}
}
if manifest == nil {
return nil
}
// Match each device's identity (model|driver|vbios) against CoRIM digests.
// matchesCoRIM returns true when a digest matches OR when the manifest
// contains no digest entries at all (no GPU policy configured).
for id, c := range devices {
identity := c.HWModel + "|" + c.DriverVersion + "|" + c.VBIOSVersion
digest := sha256.Sum256([]byte(identity))
if !matchesCoRIM(digest[:], manifest) {
return fmt.Errorf("gpu: %s: no CoRIM reference value matched (model=%q driver=%q vbios=%q)",
id, c.HWModel, c.DriverVersion, c.VBIOSVersion)
}
}
return nil
}
// matchesCoRIM returns true when digest matches any reference value digest in
// the manifest, or when the manifest contains no digest entries (treating an
// empty manifest as "no GPU policy configured").
func matchesCoRIM(digest []byte, manifest *corim.UnsignedCorim) bool {
hasAnyDigests := false
for _, tag := range manifest.Tags {
if !bytes.HasPrefix(tag, corim.ComidTag) {
continue
}
var c comid.Comid
if err := c.FromCBOR(tag[len(corim.ComidTag):]); err != nil {
continue
}
if c.Triples.ReferenceValues == nil {
continue
}
for _, rv := range *c.Triples.ReferenceValues {
if rv.Measurements.Valid() != nil {
continue
}
for _, m := range rv.Measurements {
if m.Val.Digests == nil {
continue
}
for _, d := range *m.Val.Digests {
hasAnyDigests = true
if bytes.Equal(d.HashValue, digest) {
return true
}
}
}
}
}
return !hasAnyDigests
}
func evidenceNonce(report []byte) (string, error) {
var envelopes []evidenceEnvelope
if err := json.Unmarshal(report, &envelopes); err != nil {
@@ -124,4 +225,4 @@ func evidenceNonce(report []byte) (string, error) {
// SetExecCommandContext allows tests to inject a mock exec.CommandContext.
func (v *verifier) SetExecCommandContext(cmdFunc func(ctx context.Context, name string, arg ...string) *exec.Cmd) {
v.execCommandContext = cmdFunc
}
}
pkg/attestation/gpu/verifier_test.go
+167 -1
View File
@@ -16,6 +16,29 @@ import (
"github.com/veraison/corim/corim"
)
// validClaimsJSON is a well-formed helper response matching the real SDK output
// (hopperClaimsv3_decoded.json from the NVAT SDK test data).
const validClaimsJSON = `{
"GPU-0": {
"hwmodel": "GH100 A01 GSP BROM",
"oemid": "5703",
"x-nvidia-gpu-driver-version": "550.90.07",
"x-nvidia-gpu-vbios-version": "96.00.9F.00.01",
"secboot": true,
"dbgstat": "disabled",
"measres": "success",
"x-nvidia-gpu-attestation-report-nonce-match": true,
"x-nvidia-gpu-attestation-report-signature-verified": true,
"x-nvidia-gpu-attestation-report-cert-chain-fwid-match": true,
"x-nvidia-gpu-arch-check": true,
"x-nvidia-gpu-driver-rim-signature-verified": true,
"x-nvidia-gpu-vbios-rim-signature-verified": true,
"x-nvidia-gpu-driver-rim-version-match": true,
"x-nvidia-gpu-vbios-rim-version-match": true,
"x-nvidia-attestation-warning": null
}
}`
func fakeVerifierExecCommandContext(_ context.Context, name string, arg ...string) *exec.Cmd {
args := append([]string{"-test.run=TestGPUVerifierHelperProcess", "--", name}, arg...)
cmd := exec.Command(os.Args[0], args...)
@@ -51,6 +74,9 @@ func TestGPUVerifierHelperProcess(t *testing.T) {
case "verifier-empty-claims":
fmt.Fprintln(os.Stdout, `{"detached_eat_json":{"overall_result":true}}`)
os.Exit(0)
case "verifier-invalid-claims-format":
fmt.Fprintln(os.Stdout, `{"claims_json":[1,2,3]}`)
os.Exit(0)
default:
var req helperRequest
if err := json.NewDecoder(os.Stdin).Decode(&req); err != nil {
@@ -75,7 +101,7 @@ func TestGPUVerifierHelperProcess(t *testing.T) {
}
resp := helperResponse{
ClaimsJSON: json.RawMessage(`[{"x-nvidia-device-type":"gpu"}]`),
ClaimsJSON: json.RawMessage(validClaimsJSON),
DetachedEATJSON: json.RawMessage(`{"overall_result":true}`),
}
if err := json.NewEncoder(os.Stdout).Encode(resp); err != nil {
@@ -119,6 +145,12 @@ func TestVerifierVerifyWithCoRIM(t *testing.T) {
cmdVerifier.SetExecCommandContext(fakeVerifierExecCommandContext)
report := []byte(`[{"nonce":"aabbcc","evidence":"abc","certificate":"def"}]`)
// nil manifest: CoRIM phase skipped, only mandatory flags checked.
err = v.VerifyWithCoRIM(report, nil)
assert.NoError(t, err)
// Empty manifest: no digest entries → matchesCoRIM returns true → pass.
err = v.VerifyWithCoRIM(report, &corim.UnsignedCorim{})
assert.NoError(t, err)
}
@@ -158,6 +190,12 @@ func TestVerifierVerifyWithCoRIMErrors(t *testing.T) {
report: []byte(`[{"nonce":"aabbcc"}]`),
wantError: "gpu verifier response did not contain claims_json",
},
{
name: "invalid claims format",
binary: "verifier-invalid-claims-format",
report: []byte(`[{"nonce":"aabbcc"}]`),
wantError: "gpu: failed to parse claims JSON",
},
}
for _, tt := range tests {
@@ -182,3 +220,131 @@ func TestVerifierVerifyWithCoRIMErrors(t *testing.T) {
})
}
}
func TestAppraiseGPUClaims(t *testing.T) {
warning := "some warning"
validDevice := gpuDeviceClaims{
HWModel: "GH100 A01 GSP BROM",
OEMID: "5703",
DriverVersion: "550.90.07",
VBIOSVersion: "96.00.9F.00.01",
SecBoot: true,
DebugStatus: "disabled",
MeasurementResult: "success",
NonceMatch: true,
SigVerified: true,
FWIDMatch: true,
ArchCheck: true,
DriverRIMSigVerified: true,
VBIOSRIMSigVerified: true,
DriverRIMVersionMatch: true,
VBIOSRIMVersionMatch: true,
AttestationWarning: nil,
}
tests := []struct {
name string
modify func(gpuDeviceClaims) gpuDeviceClaims
wantError string
}{
{
name: "all valid",
modify: func(c gpuDeviceClaims) gpuDeviceClaims { return c },
},
{
name: "secure boot disabled",
modify: func(c gpuDeviceClaims) gpuDeviceClaims { c.SecBoot = false; return c },
wantError: "secure boot not enabled",
},
{
name: "debug not disabled",
modify: func(c gpuDeviceClaims) gpuDeviceClaims { c.DebugStatus = "enabled"; return c },
wantError: "debug not disabled",
},
{
name: "measurement result failed",
modify: func(c gpuDeviceClaims) gpuDeviceClaims { c.MeasurementResult = "failed"; return c },
wantError: "measurement result not success",
},
{
name: "nonce mismatch",
modify: func(c gpuDeviceClaims) gpuDeviceClaims { c.NonceMatch = false; return c },
wantError: "one or more attestation verification flags are false",
},
{
name: "signature not verified",
modify: func(c gpuDeviceClaims) gpuDeviceClaims { c.SigVerified = false; return c },
wantError: "one or more attestation verification flags are false",
},
{
name: "fwid mismatch",
modify: func(c gpuDeviceClaims) gpuDeviceClaims { c.FWIDMatch = false; return c },
wantError: "one or more attestation verification flags are false",
},
{
name: "arch check failed",
modify: func(c gpuDeviceClaims) gpuDeviceClaims { c.ArchCheck = false; return c },
wantError: "one or more attestation verification flags are false",
},
{
name: "driver RIM sig not verified",
modify: func(c gpuDeviceClaims) gpuDeviceClaims { c.DriverRIMSigVerified = false; return c },
wantError: "one or more attestation verification flags are false",
},
{
name: "vbios RIM sig not verified",
modify: func(c gpuDeviceClaims) gpuDeviceClaims { c.VBIOSRIMSigVerified = false; return c },
wantError: "one or more attestation verification flags are false",
},
{
name: "driver RIM version mismatch",
modify: func(c gpuDeviceClaims) gpuDeviceClaims { c.DriverRIMVersionMatch = false; return c },
wantError: "one or more attestation verification flags are false",
},
{
name: "vbios RIM version mismatch",
modify: func(c gpuDeviceClaims) gpuDeviceClaims { c.VBIOSRIMVersionMatch = false; return c },
wantError: "one or more attestation verification flags are false",
},
{
name: "attestation warning present",
modify: func(c gpuDeviceClaims) gpuDeviceClaims { c.AttestationWarning = &warning; return c },
wantError: "attestation warning",
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
devices := map[string]gpuDeviceClaims{
"GPU-0": tt.modify(validDevice),
}
err := appraiseGPUClaims(devices, nil)
if tt.wantError == "" {
assert.NoError(t, err)
} else {
assert.ErrorContains(t, err, tt.wantError)
}
})
}
}
func TestMatchesCoRIM(t *testing.T) {
digest := []byte("some-32-byte-digest-padding-here")
t.Run("nil tags returns true", func(t *testing.T) {
assert.True(t, matchesCoRIM(digest, &corim.UnsignedCorim{}))
})
t.Run("non-ComidTag prefix is skipped", func(t *testing.T) {
m := &corim.UnsignedCorim{
Tags: []corim.Tag{[]byte{0x01, 0x02, 0x03}},
}
assert.True(t, matchesCoRIM(digest, m))
})
t.Run("unparseable ComidTag payload is skipped", func(t *testing.T) {
bad := append(append([]byte{}, corim.ComidTag...), 0xFF, 0xFE)
m := &corim.UnsignedCorim{Tags: []corim.Tag{bad}}
assert.True(t, matchesCoRIM(digest, m))
})
}
tools/nvidia-attestation-helper/Cargo.lock
Generated
+308
View File
@@ -0,0 +1,308 @@
# This file is automatically @generated by Cargo.
# It is not intended for manual editing.
version = 4
[[package]]
name = "aho-corasick"
version = "1.1.4"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "ddd31a130427c27518df266943a5308ed92d4b226cc639f5a8f1002816174301"
dependencies = [
"memchr",
]
[[package]]
name = "anyhow"
version = "1.0.102"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "7f202df86484c868dbad7eaa557ef785d5c66295e41b460ef922eca0723b842c"
[[package]]
name = "bindgen"
version = "0.72.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "993776b509cfb49c750f11b8f07a46fa23e0a1386ffc01fb1e7d343efc387895"
dependencies = [
"bitflags",
"cexpr",
"clang-sys",
"itertools",
"log",
"prettyplease",
"proc-macro2",
"quote",
"regex",
"rustc-hash",
"shlex",
"syn",
]
[[package]]
name = "bitflags"
version = "2.11.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "c4512299f36f043ab09a583e57bceb5a5aab7a73db1805848e8fef3c9e8c78b3"
[[package]]
name = "cexpr"
version = "0.6.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "6fac387a98bb7c37292057cffc56d62ecb629900026402633ae9160df93a8766"
dependencies = [
"nom",
]
[[package]]
name = "cfg-if"
version = "1.0.4"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "9330f8b2ff13f34540b44e946ef35111825727b38d33286ef986142615121801"
[[package]]
name = "clang-sys"
version = "1.8.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "0b023947811758c97c59bf9d1c188fd619ad4718dcaa767947df1cadb14f39f4"
dependencies = [
"glob",
"libc",
"libloading",
]
[[package]]
name = "either"
version = "1.15.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "48c757948c5ede0e46177b7add2e67155f70e33c07fea8284df6576da70b3719"
[[package]]
name = "glob"
version = "0.3.3"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "0cc23270f6e1808e30a928bdc84dea0b9b4136a8bc82338574f23baf47bbd280"
[[package]]
name = "itertools"
version = "0.13.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "413ee7dfc52ee1a4949ceeb7dbc8a33f2d6c088194d9f922fb8318faf1f01186"
dependencies = [
"either",
]
[[package]]
name = "itoa"
version = "1.0.18"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "8f42a60cbdf9a97f5d2305f08a87dc4e09308d1276d28c869c684d7777685682"
[[package]]
name = "libc"
version = "0.2.185"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "52ff2c0fe9bc6cb6b14a0592c2ff4fa9ceb83eea9db979b0487cd054946a2b8f"
[[package]]
name = "libloading"
version = "0.8.9"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "d7c4b02199fee7c5d21a5ae7d8cfa79a6ef5bb2fc834d6e9058e89c825efdc55"
dependencies = [
"cfg-if",
"windows-link",
]
[[package]]
name = "log"
version = "0.4.29"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "5e5032e24019045c762d3c0f28f5b6b8bbf38563a65908389bf7978758920897"
[[package]]
name = "memchr"
version = "2.8.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "f8ca58f447f06ed17d5fc4043ce1b10dd205e060fb3ce5b979b8ed8e59ff3f79"
[[package]]
name = "minimal-lexical"
version = "0.2.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "68354c5c6bd36d73ff3feceb05efa59b6acb7626617f4962be322a825e61f79a"
[[package]]
name = "nom"
version = "7.1.3"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "d273983c5a657a70a3e8f2a01329822f3b8c8172b73826411a55751e404a0a4a"
dependencies = [
"memchr",
"minimal-lexical",
]
[[package]]
name = "nv-attestation-sdk"
version = "1.2.0"
source = "git+https://github.com/NVIDIA/attestation-sdk?branch=main#82d29930f5cbc9d689393844132ac0d733b1f499"
dependencies = [
"nv-attestation-sdk-sys",
]
[[package]]
name = "nv-attestation-sdk-sys"
version = "1.2.0"
source = "git+https://github.com/NVIDIA/attestation-sdk?branch=main#82d29930f5cbc9d689393844132ac0d733b1f499"
dependencies = [
"bindgen",
]
[[package]]
name = "nvidia-attestation-helper"
version = "0.1.0"
dependencies = [
"anyhow",
"nv-attestation-sdk",
"serde",
"serde_json",
]
[[package]]
name = "prettyplease"
version = "0.2.37"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "479ca8adacdd7ce8f1fb39ce9ecccbfe93a3f1344b3d0d97f20bc0196208f62b"
dependencies = [
"proc-macro2",
"syn",
]
[[package]]
name = "proc-macro2"
version = "1.0.106"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "8fd00f0bb2e90d81d1044c2b32617f68fcb9fa3bb7640c23e9c748e53fb30934"
dependencies = [
"unicode-ident",
]
[[package]]
name = "quote"
version = "1.0.45"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "41f2619966050689382d2b44f664f4bc593e129785a36d6ee376ddf37259b924"
dependencies = [
"proc-macro2",
]
[[package]]
name = "regex"
version = "1.12.3"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "e10754a14b9137dd7b1e3e5b0493cc9171fdd105e0ab477f51b72e7f3ac0e276"
dependencies = [
"aho-corasick",
"memchr",
"regex-automata",
"regex-syntax",
]
[[package]]
name = "regex-automata"
version = "0.4.14"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "6e1dd4122fc1595e8162618945476892eefca7b88c52820e74af6262213cae8f"
dependencies = [
"aho-corasick",
"memchr",
"regex-syntax",
]
[[package]]
name = "regex-syntax"
version = "0.8.10"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "dc897dd8d9e8bd1ed8cdad82b5966c3e0ecae09fb1907d58efaa013543185d0a"
[[package]]
name = "rustc-hash"
version = "2.1.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "94300abf3f1ae2e2b8ffb7b58043de3d399c73fa6f4b73826402a5c457614dbe"
[[package]]
name = "serde"
version = "1.0.228"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "9a8e94ea7f378bd32cbbd37198a4a91436180c5bb472411e48b5ec2e2124ae9e"
dependencies = [
"serde_core",
"serde_derive",
]
[[package]]
name = "serde_core"
version = "1.0.228"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "41d385c7d4ca58e59fc732af25c3983b67ac852c1a25000afe1175de458b67ad"
dependencies = [
"serde_derive",
]
[[package]]
name = "serde_derive"
version = "1.0.228"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "d540f220d3187173da220f885ab66608367b6574e925011a9353e4badda91d79"
dependencies = [
"proc-macro2",
"quote",
"syn",
]
[[package]]
name = "serde_json"
version = "1.0.149"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "83fc039473c5595ace860d8c4fafa220ff474b3fc6bfdb4293327f1a37e94d86"
dependencies = [
"itoa",
"memchr",
"serde",
"serde_core",
"zmij",
]
[[package]]
name = "shlex"
version = "1.3.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "0fda2ff0d084019ba4d7c6f371c95d8fd75ce3524c3cb8fb653a3023f6323e64"
[[package]]
name = "syn"
version = "2.0.117"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "e665b8803e7b1d2a727f4023456bbbbe74da67099c585258af0ad9c5013b9b99"
dependencies = [
"proc-macro2",
"quote",
"unicode-ident",
]
[[package]]
name = "unicode-ident"
version = "1.0.24"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "e6e4313cd5fcd3dad5cafa179702e2b244f760991f45397d14d4ebf38247da75"
[[package]]
name = "windows-link"
version = "0.2.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "f0805222e57f7521d6a62e36fa9163bc891acd422f971defe97d64e70d0a4fe5"
[[package]]
name = "zmij"
version = "1.0.21"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "b8848ee67ecc8aedbaf3e4122217aff892639231befc6a1b58d29fff4c2cabaa"
tools/nvidia-attestation-helper/Cargo.toml
+1 -1
View File
@@ -6,6 +6,6 @@ license = "Apache-2.0"
[dependencies]
anyhow = "1"
nv-attestation-sdk = { git = "https://github.com/NVIDIA/attestation-sdk", branch = "main" }
nv-attestation-sdk = { git = "https://github.com/NVIDIA/attestation-sdk", rev = "82d29930f5cbc9d689393844132ac0d733b1f499" }
serde = { version = "1", features = ["derive"] }
serde_json = "1"