nvflare.app_opt.confidential_computing.gpu_authorizer module

class GPUAuthorizer(verifiers: list)[source]

Bases: CCAuthorizer

Note: This is just a fake implementation for GPU authorizer. It will be replaced later with the real implementation.

Parameters:

verifiers (list) –

each element in this list is a dictionary and the keys of dictionary are “devices”, “env”, “url”, “appraisal_policy_file” and “result_policy_file.”

the values of devices are “gpu” and “cpu” the values of env are “local” and “test” currently, valid combination is gpu + local

url must be an empty string appraisal_policy_file must point to an existing file currently supports an empty file only

result_policy_file must point to an existing file currently supports the following content only

{
    "version":"1.0",
    "authorization-rules":{
        "x-nv-gpu-available":true,
        "x-nv-gpu-attestation-report-available":true,
        "x-nv-gpu-info-fetched":true,
        "x-nv-gpu-arch-check":true,
        "x-nv-gpu-root-cert-available":true,
        "x-nv-gpu-cert-chain-verified":true,
        "x-nv-gpu-ocsp-cert-chain-verified":true,
        "x-nv-gpu-ocsp-signature-verified":true,
        "x-nv-gpu-cert-ocsp-nonce-match":true,
        "x-nv-gpu-cert-check-complete":true,
        "x-nv-gpu-measurement-available":true,
        "x-nv-gpu-attestation-report-parsed":true,
        "x-nv-gpu-nonce-match":true,
        "x-nv-gpu-attestation-report-driver-version-match":true,
        "x-nv-gpu-attestation-report-vbios-version-match":true,
        "x-nv-gpu-attestation-report-verified":true,
        "x-nv-gpu-driver-rim-schema-fetched":true,
        "x-nv-gpu-driver-rim-schema-validated":true,
        "x-nv-gpu-driver-rim-cert-extracted":true,
        "x-nv-gpu-driver-rim-signature-verified":true,
        "x-nv-gpu-driver-rim-driver-measurements-available":true,
        "x-nv-gpu-driver-vbios-rim-fetched":true,
        "x-nv-gpu-vbios-rim-schema-validated":true,
        "x-nv-gpu-vbios-rim-cert-extracted":true,
        "x-nv-gpu-vbios-rim-signature-verified":true,
        "x-nv-gpu-vbios-rim-driver-measurements-available":true,
        "x-nv-gpu-vbios-index-conflict":true,
        "x-nv-gpu-measurements-match":true
    }
}

generate() str[source]

To generate and return the active CCAuthorizer token.

Returns: token string

get_namespace() str[source]

This returns the namespace of the CCAuthorizer.

Returns: namespace string

verify(token: str) bool[source]

To return the token verification result.

Parameters:

token – bool

Returns: