NVIDIA Trusted Computing Library for Rust - A comprehensive solution for confidential computing, attestation, and quote verification.
rust-nvtrust is a unified Rust library that provides secure, hardware-backed confidential computing capabilities using NVIDIA hardware. It combines attestation, confidential computing, and quote verification into a single, easy-to-use package.
- Hardware-based Attestation
  - TDX (Trust Domain Extensions) support
  - SGX (Software Guard Extensions) support
  - GPU attestation (local and remote)
  - NVSwitch attestation
- Confidential Computing
  - Secure matrix multiplication
  - Hardware-accelerated encryption (AES-256-GCM, ChaCha20-Poly1305)
  - Secure machine learning inference
  - Custom confidential operations
  - Data encryption/decryption
- Quote Verification
  - Policy-based verification
  - Measurement validation
  - Certificate chain verification
  - Timestamp validation
- Substrate Integration
  - Ready-to-use pallet for blockchain integration
  - On-chain confidential compute requests
  - Secure result verification
Add this to your Cargo.toml:

```toml
[dependencies]
rust-nvtrust = { version = "0.1.0", features = ["std"] }
```

For no_std environments:

```toml
[dependencies]
rust-nvtrust = "0.1.0" # no_std by default
```
```rust
use rust_nvtrust::{
    AttestationService,
    create_confidential_compute,
    ConfidentialOperation,
    create_default_policy_validator,
};

// TDXAttestationService and AttestationParams must also be in scope;
// their import path is not shown in this snippet.

// Initialize attestation
let mut attestation = TDXAttestationService::new();
attestation.initialize(AttestationParams::default())?;

// Create confidential compute instance, bound to the initialized attestation service
let compute = create_confidential_compute(&attestation)?;

// Execute confidential operation: a 2x2 by 2x2 matrix product
let operation = ConfidentialOperation::MatrixMultiply {
    matrix_a: vec![1.0, 2.0, 3.0, 4.0],
    matrix_b: vec![5.0, 6.0, 7.0, 8.0],
    rows_a: 2,
    cols_a: 2,
    cols_b: 2,
};

// `input_data` is supplied by the caller and must be defined before this call
let result = compute.execute_confidential(&operation, &input_data)?;
```
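```rust
use rust_nvtrust::verifiers::{PolicyValidatorBuilder, Evidence};

// A `Duration` type providing `hours()` must also be in scope;
// this snippet does not show which one the library expects.

// Create policy validator
let policy = PolicyValidatorBuilder::new()
    .require_measurement("gpu_measurement") // evidence must carry this measurement
    .allow_algorithm("sha256")              // accepted hash algorithm
    .allow_device_id("gpu-01")              // accepted device
    .set_max_age(Duration::hours(24))       // reject evidence older than 24 hours
    .require_certificates(true)             // evidence must include certificates
    .build();

// Verify evidence (`evidence` is collected elsewhere and not shown here)
let is_valid = policy.validate(&evidence)?;
```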
- Add the pallet to your runtime's dependencies:

  ```toml
  [dependencies]
  nvidia-confidential-compute-pallet = { version = "0.1.0", default-features = false }
  ```

- Implement the configuration trait:

  ```rust
  impl nvidia_confidential_compute_pallet::Config for Runtime {
      type RuntimeEvent = RuntimeEvent;
      type Currency = Balances;
      type MaxDataSize = ConstU32<1048576>;
      type AttestationService = TDXAttestationService;
  }
  ```

The library consists of three main components:

- Attestation Module
  - Hardware attestation services
  - Quote generation and verification
  - Evidence collection and validation
- Confidential Computing Module
  - Secure operation execution
  - Data encryption/decryption
  - Hardware-backed security
- Verification Module
  - Policy-based verification
  - Measurement validation
  - Certificate management

- Always verify attestation reports before processing data
- Use policy validation for evidence verification
- Keep encryption keys secure
- Regularly update trusted measurements
- Monitor attestation timestamps
- Implement proper error handling
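
The checks named in the policy example and in the practices above (required measurement, allowed algorithm and device, maximum age, certificates present) can be modelled as a fail-closed validator. This is an added illustration using only the standard library, not rust-nvtrust's own code or API; every type, field and function name in it is hypothetical, and the sample values are constructed.

```rust
// Hypothetical types for illustration; this is not rust-nvtrust's API.
use std::collections::HashMap;
#[derive(Debug, PartialEq)]
pub enum Reject { Algorithm, Device, Measurement(&'static str), FutureDated, Stale, NoCertificates }
pub struct Evidence {
    pub device_id: &'static str,
    pub algorithm: &'static str,
    pub measurements: HashMap<&'static str, &'static str>, // name -> hex digest
    pub issued_at: u64,                                    // Unix seconds
    pub cert_chain_len: usize,
}
pub struct Policy {
    pub trusted: HashMap<&'static str, &'static str>, // required name -> trusted digest
    pub algorithms: Vec<&'static str>,
    pub devices: Vec<&'static str>,
    pub max_age_secs: u64,
    pub require_certificates: bool,
}

impl Policy {
    /// Fail closed: the first check that does not pass rejects the evidence.
    pub fn validate(&self, ev: &Evidence, now: u64) -> Result<(), Reject> {
        if !self.algorithms.contains(&ev.algorithm) { return Err(Reject::Algorithm); }
        if !self.devices.contains(&ev.device_id) { return Err(Reject::Device); }
        for (name, want) in &self.trusted {
            // A missing measurement is rejected exactly like a mismatched one.
            if ev.measurements.get(name) != Some(want) { return Err(Reject::Measurement(*name)); }
        }
        // Evidence dated in the future is rejected rather than treated as fresh.
        if ev.issued_at > now { return Err(Reject::FutureDated); }
        if now - ev.issued_at > self.max_age_secs { return Err(Reject::Stale); }
        if self.require_certificates && ev.cert_chain_len == 0 { return Err(Reject::NoCertificates); }
        Ok(())
    }
}

// Constructed sample: "aa11" is a placeholder digest, not a real measurement.
pub fn sample(issued_at: u64) -> (Policy, Evidence) {
    let m = HashMap::from([("gpu_measurement", "aa11")]);
    let policy = Policy { trusted: m.clone(), algorithms: vec!["sha256"], devices: vec!["gpu-01"],
                          max_age_secs: 24 * 3600, require_certificates: true };
    let ev = Evidence { device_id: "gpu-01", algorithm: "sha256", measurements: m,
                        issued_at, cert_chain_len: 2 };
    (policy, ev)
}

fn main() {
    let (policy, ev) = sample(1_699_999_940); // issued 60 s before the fixed "now" below
    println!("{:?}", policy.validate(&ev, 1_700_000_000));
}
```

A real verifier would also validate the certificate chain and the signature over the evidence; the chain-length field here only stands in for "certificates were supplied".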
We welcome contributions! Please see our contributing guidelines for more information.
This project is licensed under the MIT License - see the LICENSE file for details.
- NVIDIA Corporation
- OpenSSL Project
- Ring Crypto Library
For support, please:
- Check the documentation
- Search existing issues
- Create a new issue if needed