NVIDIA Trusted Computing Library for Rust - A comprehensive solution for confidential computing, attestation, and quote verification.
rust-nvtrust is a unified Rust library that provides secure, hardware-backed confidential computing capabilities using NVIDIA hardware. It combines attestation, confidential computing, and quote verification into a single, easy-to-use package.
-
Hardware-based Attestation
- TDX (Trust Domain Extensions) support
- SGX (Software Guard Extensions) support
- GPU attestation (local and remote)
- NVSwitch attestation
-
Confidential Computing
- Secure matrix multiplication
- Hardware-accelerated encryption (AES-256-GCM, ChaCha20-Poly1305)
- Secure machine learning inference
- Custom confidential operations
- Data encryption/decryption
-
Quote Verification
- Policy-based verification
- Measurement validation
- Certificate chain verification
- Timestamp validation
-
Substrate Integration
- Ready-to-use pallet for blockchain integration
- On-chain confidential compute requests
- Secure result verification
Add this to your Cargo.toml:
[dependencies] rust-nvtrust = { version = "0.1.0", features = ["std"] }
For no_std environments:
[dependencies] rust-nvtrust = "0.1.0" # no_std by default
use rust_nvtrust::{ AttestationService, create_confidential_compute, ConfidentialOperation, create_default_policy_validator, }; // Initialize attestation let mut attestation = TDXAttestationService::new(); attestation.initialize(AttestationParams::default())?; // Create confidential compute instance let compute = create_confidential_compute(&attestation)?; // Execute confidential operation let operation = ConfidentialOperation::MatrixMultiply { matrix_a: vec![1.0, 2.0, 3.0, 4.0], matrix_b: vec![5.0, 6.0, 7.0, 8.0], rows_a: 2, cols_a: 2, cols_b: 2, }; let result = compute.execute_confidential(&operation, &input_data)?;
use rust_nvtrust::verifiers::{PolicyValidatorBuilder, Evidence}; // Create policy validator let policy = PolicyValidatorBuilder::new() .require_measurement("gpu_measurement") .allow_algorithm("sha256") .allow_device_id("gpu-01") .set_max_age(Duration::hours(24)) .require_certificates(true) .build(); // Verify evidence let is_valid = policy.validate(&evidence)?;
- Add the pallet to your runtime's dependencies:
[dependencies] nvidia-confidential-compute-pallet = { version = "0.1.0", default-features = false }
- Implement the configuration trait:
impl nvidia_confidential_compute_pallet::Config for Runtime { type RuntimeEvent = RuntimeEvent; type Currency = Balances; type MaxDataSize = ConstU32<1048576>; type AttestationService = TDXAttestationService; }
The library consists of three main components:
-
Attestation Module
- Hardware attestation services
- Quote generation and verification
- Evidence collection and validation
-
Confidential Computing Module
- Secure operation execution
- Data encryption/decryption
- Hardware-backed security
-
Verification Module
- Policy-based verification
- Measurement validation
- Certificate management
- Always verify attestation reports before processing data
- Use policy validation for evidence verification
- Keep encryption keys secure
- Regularly update trusted measurements
- Monitor attestation timestamps
- Implement proper error handling
We welcome contributions! Please see our contributing guidelines for more information.
This project is licensed under the MIT License - see the LICENSE file for details.
- NVIDIA Corporation
- OpenSSL Project
- Ring Crypto Library
For support, please:
- Check the documentation
- Search existing issues
- Create a new issue if needed