send SPT attestation to GCA

yawangwang · yawangwang · commit 3ec63a915926 · 2026-03-06T19:14:37.000Z
diff --git a/launcher/agent/agent.go b/launcher/agent/agent.go
@@ -268,6 +268,10 @@ func (a *agent) AttestWithClient(ctx context.Context, opts AttestAgentOpts, clie
 		v.AkCert = a.fetchedAK.CertDERBytes()
 
 		req.TDCCELAttestation = v
+		// Override the attached Nvidia GPU attestation as nil if the experiment flag is OFF.
+		if !a.launchSpec.Experiments.EnableAttestationEvidence {
+			req.TDCCELAttestation.NvidiaAttestation = nil
+		}
 	default:
 		return nil, fmt.Errorf("received an unsupported attestation type! %v", v)
 	}
diff --git a/launcher/internal/experiments/experiments.go b/launcher/internal/experiments/experiments.go
@@ -19,6 +19,7 @@ type Experiments struct {
 	EnableB200DriverInstallation bool
 	EnableH100DriverInstallation bool
 	EnableKeyManager             bool
+	EnableGpuGcaSupport          bool
 }
 
 // New takes a filepath, opens the file, and calls ReadJsonInput with the contents
diff --git a/launcher/internal/experiments/experiments_test.go b/launcher/internal/experiments/experiments_test.go
@@ -19,13 +19,15 @@ func TestExperiments(t *testing.T) {
 				EnableB200DriverInstallation: true,
 				EnableH100DriverInstallation: true,
 				EnableKeyManager:             false,
+				EnableGpuGcaSupport:          false,
 			},
 		},
 		{
 			input: "{\"EnableB200DriverInstallation\":true}",
 			expectedExps: Experiments{
 				EnableB200DriverInstallation: true,
 				EnableKeyManager:             false,
+				EnableGpuGcaSupport:          false,
 			},
 		},
 		{
@@ -34,13 +36,26 @@ func TestExperiments(t *testing.T) {
 				EnableTestFeatureForImage: true,
 				EnableItaVerifier:         true,
 				EnableVerifyCS:            true,
+				EnableGpuGcaSupport:       false,
 			},
 		},
 		{
 			input: "{\"EnableB200DriverInstallation\":true,\"EnableKeyManager\":true}",
 			expectedExps: Experiments{
 				EnableB200DriverInstallation: true,
 				EnableKeyManager:             true,
+				EnableGpuGcaSupport:          false,
+			},
+		},
+		{
+			input: "{\"EnableGpuGcaSupport\":true,\"EnableH100DriverInstallation\":true,\"EnableB200DriverInstallation\":false,\"EnableTestFeatureForImage\":true,\"EnableItaVerifier\":true,\"EnableKeyManager\":false}",
+			expectedExps: Experiments{
+				EnableTestFeatureForImage:    true,
+				EnableItaVerifier:            true,
+				EnableB200DriverInstallation: false,
+				EnableH100DriverInstallation: true,
+				EnableKeyManager:             false,
+				EnableGpuGcaSupport:          true,
 			},
 		},
 	}
diff --git a/verifier/rest/rest.go b/verifier/rest/rest.go
@@ -18,6 +18,7 @@ import (
 
 	v1 "cloud.google.com/go/confidentialcomputing/apiv1"
 	ccpb "cloud.google.com/go/confidentialcomputing/apiv1/confidentialcomputingpb"
+	attestationpb "github.com/GoogleCloudPlatform/confidential-space/server/proto/gen/attestation"
 	"google.golang.org/api/iterator"
 	"google.golang.org/api/option"
 	locationpb "google.golang.org/genproto/googleapis/cloud/location"
@@ -370,6 +371,8 @@ func convertCSRequestToREST(request verifier.VerifyAttestationRequest) *ccpb.Ver
 			AkCert:      verifyAttRequest.TpmAttestation.AkCert,
 			AkCertChain: verifyAttRequest.TpmAttestation.CertChain,
 		}
+
+		csReq.NvidiaAttestation = convertNvidiaAttestationToREST(request.TDCCELAttestation.NvidiaAttestation)
 	} else { // TPM Attestation.
 		csReq.TeeAttestation = &ccpb.VerifyConfidentialSpaceRequest_TpmAttestation{
 			TpmAttestation: verifyAttRequest.TpmAttestation,
@@ -381,6 +384,38 @@ func convertCSRequestToREST(request verifier.VerifyAttestationRequest) *ccpb.Ver
 	return csReq
 }
 
+func convertNvidiaAttestationToREST(nvAtt *attestationpb.NvidiaAttestationReport) *ccpb.NvidiaAttestation {
+	// GCA only supports SPT attestation.
+	if nvAtt.GetSpt() != nil {
+		return &ccpb.NvidiaAttestation{
+			CcFeature: &ccpb.NvidiaAttestation_Spt{
+				Spt: &ccpb.NvidiaAttestation_SinglePassthroughAttestation{
+					GpuQuote: &ccpb.NvidiaAttestation_GpuInfo{
+						Uuid:                        nvAtt.GetSpt().GetGpuQuote().GetUuid(),
+						DriverVersion:               nvAtt.GetSpt().GetGpuQuote().GetDriverVersion(),
+						VbiosVersion:                nvAtt.GetSpt().GetGpuQuote().GetVbiosVersion(),
+						GpuArchitectureType:         convertGPUArchToREST(nvAtt.GetSpt().GetGpuQuote().GetGpuArchitectureType()),
+						AttestationCertificateChain: nvAtt.GetSpt().GetGpuQuote().GetAttestationCertificateChain(),
+						AttestationReport:           nvAtt.GetSpt().GetGpuQuote().GetAttestationReport(),
+					},
+				},
+			},
+		}
+	}
+	return nil
+}
+
+func convertGPUArchToREST(arch attestationpb.GpuArchitectureType) ccpb.NvidiaAttestation_GpuArchitectureType {
+	switch arch {
+	case attestationpb.GpuArchitectureType_GPU_ARCHITECTURE_TYPE_HOPPER:
+		return ccpb.NvidiaAttestation_GPU_ARCHITECTURE_TYPE_HOPPER
+	case attestationpb.GpuArchitectureType_GPU_ARCHITECTURE_TYPE_BLACKWELL:
+		return ccpb.NvidiaAttestation_GPU_ARCHITECTURE_TYPE_BLACKWELL
+	default:
+		return ccpb.NvidiaAttestation_GPU_ARCHITECTURE_TYPE_UNSPECIFIED
+	}
+}
+
 func convertToCSOpts(tokenOpts *ccpb.TokenOptions) *ccpb.VerifyConfidentialSpaceRequest_ConfidentialSpaceOptions {
 	if tokenOpts == nil {
 		return &ccpb.VerifyConfidentialSpaceRequest_ConfidentialSpaceOptions{
diff --git a/verifier/rest/rest_test.go b/verifier/rest/rest_test.go
@@ -11,9 +11,11 @@ import (
 	"github.com/google/uuid"
 	"google.golang.org/genproto/googleapis/rpc/status"
 	"google.golang.org/protobuf/encoding/prototext"
+	"google.golang.org/protobuf/proto"
 	"google.golang.org/protobuf/testing/protocmp"
 
 	ccpb "cloud.google.com/go/confidentialcomputing/apiv1/confidentialcomputingpb"
+	attestationpb "github.com/GoogleCloudPlatform/confidential-space/server/proto/gen/attestation"
 	sabi "github.com/google/go-sev-guest/abi"
 	spb "github.com/google/go-sev-guest/proto/sevsnp"
 	tabi "github.com/google/go-tdx-guest/abi"
@@ -382,6 +384,115 @@ func TestConvertTokenOptionsToREST(t *testing.T) {
 	}
 }
 
+func TestConvertNvidiaAttestationToREST(t *testing.T) {
+	testcases := []struct {
+		name  string
+		nvAtt *attestationpb.NvidiaAttestationReport
+		want  *ccpb.NvidiaAttestation
+	}{
+		{
+			name:  "nil attestation",
+			nvAtt: nil,
+			want:  nil,
+		},
+		{
+			name:  "empty attestation",
+			nvAtt: &attestationpb.NvidiaAttestationReport{},
+			want:  nil,
+		},
+		{
+			name: "SPT attestation",
+			nvAtt: &attestationpb.NvidiaAttestationReport{
+				CcFeature: &attestationpb.NvidiaAttestationReport_Spt{
+					Spt: &attestationpb.NvidiaAttestationReport_SinglePassthroughAttestation{
+						GpuQuote: &attestationpb.GpuInfo{
+							Uuid:                        "test-uuid",
+							DriverVersion:               "test-driver",
+							VbiosVersion:                "test-vbios",
+							GpuArchitectureType:         attestationpb.GpuArchitectureType_GPU_ARCHITECTURE_TYPE_HOPPER,
+							AttestationCertificateChain: []byte("test-cert-chain"),
+							AttestationReport:           []byte("test-report"),
+						},
+					},
+				},
+			},
+			want: &ccpb.NvidiaAttestation{
+				CcFeature: &ccpb.NvidiaAttestation_Spt{
+					Spt: &ccpb.NvidiaAttestation_SinglePassthroughAttestation{
+						GpuQuote: &ccpb.NvidiaAttestation_GpuInfo{
+							Uuid:                        "test-uuid",
+							DriverVersion:               "test-driver",
+							VbiosVersion:                "test-vbios",
+							GpuArchitectureType:         ccpb.NvidiaAttestation_GPU_ARCHITECTURE_TYPE_HOPPER,
+							AttestationCertificateChain: []byte("test-cert-chain"),
+							AttestationReport:           []byte("test-report"),
+						},
+					},
+				},
+			},
+		},
+		{
+			name: "MPT attestation",
+			nvAtt: &attestationpb.NvidiaAttestationReport{
+				CcFeature: &attestationpb.NvidiaAttestationReport_Mpt{
+					Mpt: &attestationpb.NvidiaAttestationReport_MultiGpuSecurePassthroughAttestation{
+						GpuQuotes: []*attestationpb.GpuInfo{
+							{
+								Uuid:                        "test-uuid",
+								DriverVersion:               "test-driver",
+								VbiosVersion:                "test-vbios",
+								GpuArchitectureType:         attestationpb.GpuArchitectureType_GPU_ARCHITECTURE_TYPE_HOPPER,
+								AttestationCertificateChain: []byte("test-cert-chain"),
+								AttestationReport:           []byte("test-report"),
+							},
+						},
+					},
+				},
+			},
+			want: nil,
+		},
+	}
+
+	for _, tc := range testcases {
+		t.Run(tc.name, func(t *testing.T) {
+			got := convertNvidiaAttestationToREST(tc.nvAtt)
+			if !proto.Equal(got, tc.want) {
+				t.Errorf("convertNvidiaAttestationToREST(%v) = %v, want %v", tc.nvAtt, got, tc.want)
+			}
+		})
+	}
+}
+
+func TestConvertGPUArchToREST(t *testing.T) {
+	testcases := []struct {
+		name string
+		arch attestationpb.GpuArchitectureType
+		want ccpb.NvidiaAttestation_GpuArchitectureType
+	}{
+		{
+			name: "Hopper",
+			arch: attestationpb.GpuArchitectureType_GPU_ARCHITECTURE_TYPE_HOPPER,
+			want: ccpb.NvidiaAttestation_GPU_ARCHITECTURE_TYPE_HOPPER,
+		},
+		{
+			name: "Blackwell",
+			arch: attestationpb.GpuArchitectureType_GPU_ARCHITECTURE_TYPE_BLACKWELL,
+			want: ccpb.NvidiaAttestation_GPU_ARCHITECTURE_TYPE_BLACKWELL,
+		},
+		{
+			name: "Unspecified",
+			arch: attestationpb.GpuArchitectureType_GPU_ARCHITECTURE_TYPE_UNSPECIFIED,
+			want: ccpb.NvidiaAttestation_GPU_ARCHITECTURE_TYPE_UNSPECIFIED,
+		},
+	}
+	for _, tc := range testcases {
+		t.Run(tc.name, func(t *testing.T) {
+			if got := convertGPUArchToREST(tc.arch); got != tc.want {
+				t.Errorf("convertGPUArchToREST() = %v, want %v", got, tc.want)
+			}
+		})
+	}
+}
 func TestConvertTokenOptionsToCSOptions(t *testing.T) {
 	testcases := []struct {
 		name         string
@@ -571,6 +682,66 @@ func TestConvertCSRequestToREST(t *testing.T) {
 				SignedEntities: []*ccpb.SignedEntity{{ContainerImageSignatures: []*ccpb.ContainerImageSignature{}}},
 			},
 		},
+		{
+			name: "TDCCEL Attestation + Nvidia Attestation",
+			verifierReq: verifier.VerifyAttestationRequest{
+				TDCCELAttestation: &verifier.TDCCELAttestation{
+					TdQuote:           []byte("test td quote"),
+					CcelAcpiTable:     []byte("test CCEL table"),
+					CcelData:          []byte("test CCEL data"),
+					CanonicalEventLog: []byte("test CEL"),
+					AkCert:            []byte("test-ak-cert"),
+					IntermediateCerts: [][]byte{[]byte("chain-1"), []byte("chain-2")},
+					NvidiaAttestation: &attestationpb.NvidiaAttestationReport{
+						CcFeature: &attestationpb.NvidiaAttestationReport_Spt{
+							Spt: &attestationpb.NvidiaAttestationReport_SinglePassthroughAttestation{
+								GpuQuote: &attestationpb.GpuInfo{
+									Uuid:                        "test-uuid",
+									DriverVersion:               "test-driver",
+									VbiosVersion:                "test-vbios",
+									GpuArchitectureType:         attestationpb.GpuArchitectureType_GPU_ARCHITECTURE_TYPE_HOPPER,
+									AttestationCertificateChain: []byte("test-cert-chain"),
+									AttestationReport:           []byte("test-report"),
+								},
+							},
+						},
+					},
+				},
+			},
+			expectedReq: &ccpb.VerifyConfidentialSpaceRequest{
+				TeeAttestation: &ccpb.VerifyConfidentialSpaceRequest_TdCcel{
+					TdCcel: &ccpb.TdxCcelAttestation{
+						TdQuote:           []byte("test td quote"),
+						CcelAcpiTable:     []byte("test CCEL table"),
+						CcelData:          []byte("test CCEL data"),
+						CanonicalEventLog: []byte("test CEL"),
+					},
+				},
+				NvidiaAttestation: &ccpb.NvidiaAttestation{
+					CcFeature: &ccpb.NvidiaAttestation_Spt{
+						Spt: &ccpb.NvidiaAttestation_SinglePassthroughAttestation{
+							GpuQuote: &ccpb.NvidiaAttestation_GpuInfo{
+								Uuid:                        "test-uuid",
+								DriverVersion:               "test-driver",
+								VbiosVersion:                "test-vbios",
+								GpuArchitectureType:         ccpb.NvidiaAttestation_GPU_ARCHITECTURE_TYPE_HOPPER,
+								AttestationCertificateChain: []byte("test-cert-chain"),
+								AttestationReport:           []byte("test-report"),
+							},
+						},
+					},
+				},
+				GceShieldedIdentity: &ccpb.GceShieldedIdentity{
+					AkCert:      []byte("test-ak-cert"),
+					AkCertChain: [][]byte{[]byte("chain-1"), []byte("chain-2")},
+				},
+				Options: &ccpb.VerifyConfidentialSpaceRequest_ConfidentialSpaceOptions{
+					TokenProfile: ccpb.TokenProfile_TOKEN_PROFILE_DEFAULT_EAT,
+				},
+				GcpCredentials: &ccpb.GcpCredentials{ServiceAccountIdTokens: []string{}},
+				SignedEntities: []*ccpb.SignedEntity{{ContainerImageSignatures: []*ccpb.ContainerImageSignature{}}},
+			},
+		},
 	}
 
 	cmpOpts := append(
@@ -584,6 +755,9 @@ func TestConvertCSRequestToREST(t *testing.T) {
 		cmpopts.IgnoreUnexported(ccpb.VerifyConfidentialSpaceRequest_ConfidentialSpaceOptions{}),
 		cmpopts.IgnoreUnexported(ccpb.ContainerImageSignature{}),
 		cmpopts.IgnoreUnexported(ccpb.SignedEntity{}),
+		cmpopts.IgnoreUnexported(ccpb.NvidiaAttestation{}),
+		cmpopts.IgnoreUnexported(ccpb.NvidiaAttestation_SinglePassthroughAttestation{}),
+		cmpopts.IgnoreUnexported(ccpb.NvidiaAttestation_GpuInfo{}),
 	)
 
 	for _, tc := range testcases {

Original file line number	Diff line number	Diff line change
`@@ -19,6 +19,7 @@ type Experiments struct {`
`19`	`19`	`EnableB200DriverInstallation bool`
`20`	`20`	`EnableH100DriverInstallation bool`
`21`	`21`	`EnableKeyManager bool`
	`22`	`+ EnableGpuGcaSupport bool`
`22`	`23`	`}`
`23`	`24`
`24`	`25`	`// New takes a filepath, opens the file, and calls ReadJsonInput with the contents`