ConnectX-7 Measurements | Device Attestation and CoRIM-based Reference Measurement Sharing

The measurement specification for all the indices listed in the tables below is: 0x01 (DMTF).

Version 1.0.0

The table below shows the measurements supported starting from firmware version 28.38.xxxx.

Index	Measurement	Value	Description	What is measured?	Part of CoRIM?
1	DMTFSpecMeasurementValueType	0x01	Hash, mutable FW	M-0: IC Security Parameters (Fuse, Straps)	No
1	DMTFSpecMeasurementValueSize	64	SHA2-512 hash	M-0: IC Security Parameters (Fuse, Straps)	No
2	DMTFSpecMeasurementValueType	0x01	Hash, mutable FW	M-1: First mutable code	Yes
2	DMTFSpecMeasurementValueSize	64	SHA2-512 hash
3	DMTFSpecMeasurementValueType	0x01	Hash, mutable FW	M-2: Secondary boot sequencing code	Yes
3	DMTFSpecMeasurementValueSize	64	SHA2-512 hash
4	DMTFSpecMeasurementValueType	0x01	Hash, mutable FW	M-3: Runtime Code	Yes
4	DMTFSpecMeasurementValueSize	64	SHA2-512 hash
5	DMTFSpecMeasurementValueType	0x01	Hash, mutable FW	M-4: Hashes manifest	Yes
5	DMTFSpecMeasurementValueSize	64	SHA2-512 hash

Version 1.1.0

The table below shows the measurements supported starting from the firmware releases after April 2025.

Index	Measurement	Value	Description	What is measured?	Part of CoRIM?
1	DMTFSpecMeasurementValueType	0x01	Hash, mutable FW	M-0: IC Security Parameters (Fuse, Straps)	No
1	DMTFSpecMeasurementValueSize	64	SHA2-512 hash	M-0: IC Security Parameters (Fuse, Straps)	No
2	DMTFSpecMeasurementValueType	0x01	Hash, mutable FW	M-1: First mutable code	Yes
2	DMTFSpecMeasurementValueSize	64	SHA2-512 hash
3	DMTFSpecMeasurementValueType	0x01	Hash, mutable FW	M-2: Secondary boot sequencing code	Yes
3	DMTFSpecMeasurementValueSize	64	SHA2-512 hash
4	DMTFSpecMeasurementValueType	0x01	Hash, mutable FW	M-3: Runtime Code	Yes
4	DMTFSpecMeasurementValueSize	64	SHA2-512 hash
5	DMTFSpecMeasurementValueType	0x01	Hash, mutable FW	M-4: Hashes manifest	Yes
5	DMTFSpecMeasurementValueSize	64	SHA2-512 hash
6	DMTFSpecMeasurementValueType	0x83	Raw bitstream, FW Config	Measurement Block version Interpret as Semver2.0 ((https://semver.org/). Byte 3: Major Version Byte 2-1: Minor Version Byte 0: is patch	Yes
6	DMTFSpecMeasurementValueSize	4	4-byte unsigned Integer, little endian		Yes
7	DMTFSpecMeasurementValueType	0x81	Raw bitstream, Device Identifier	Device Identifier (DID, VID, SVID, SID) as defined by PCISIG and a vendor defined byte. Byte 1:2 - Vendor ID Byte 3:4 - Device ID Byte 5:6 - Subsystem Vendor ID Byte 7:8 - Subsystem ID Byte 9 - Vendor defined byte All multi-byte fields are little endian (uint16_t)	Yes
7	DMTFSpecMeasurementValueSize	9	Raw bitstream		Yes

Version 1.2.0

The table below shows the measurements supported in future firmware releases. The first release to intercept this definition will be updated.

Index	Measurement	Value	Description	What is measured?	Part of CoRIM?
1	DMTFSpecMeasurementValueType	0x01	Hash, mutable FW	M-0: IC Security Parameters (Fuse, Straps)	No
1	DMTFSpecMeasurementValueSize	64	SHA2-512 hash	M-0: IC Security Parameters (Fuse, Straps)	No
2	DMTFSpecMeasurementValueType	0x01	Hash, mutable FW	M-1: First mutable code	Yes
2	DMTFSpecMeasurementValueSize	64	SHA2-512 hash
3	DMTFSpecMeasurementValueType	0x01	Hash, mutable FW	M-2: Secondary boot sequencing code	Yes
3	DMTFSpecMeasurementValueSize	64	SHA2-512 hash
4	DMTFSpecMeasurementValueType	0x01	Hash, mutable FW	M-3: Runtime Code	Yes
4	DMTFSpecMeasurementValueSize	64	SHA2-512 hash
5	DMTFSpecMeasurementValueType	0x01	Hash, mutable FW	M-4: Hashes manifest	Yes
5	DMTFSpecMeasurementValueSize	64	SHA2-512 hash
6	DMTFSpecMeasurementValueType	0x83	Raw bitstream, FW Config	Measurement Block version Interpret as Semver2.0 ((https://semver.org/). Byte 3: Major Version Byte 2-1: Minor Version Byte 0: is patch	Yes
6	DMTFSpecMeasurementValueSize	4	4-byte unsigned Integer, little endian		Yes
7	DMTFSpecMeasurementValueType	0x83	Raw bitstream, FW Config	Debug tokens runtime status (32-bit): Bit 0-1: Runtime token (customer support) Bit 2-3: Debug FW Token Bit 4-5: FRC token ... Bit 6-31 reserved Each pair consists of: Bit 0: Runtime Token Applied Since Last Reset (1 bit) Bit 1: Runtime Token Currently In Use (1 bit)	Yes; The expected value is a clean state (all zero bytes)
7	DMTFSpecMeasurementValueSize	4	4-byte unsigned Integer, little endian		Yes; The expected value is a clean state (all zero bytes)
8	DMTFSpecMeasurementValueType	0x81	Raw bitstream, Device Identifier	Device Identifier (DID, VID, SVID, SID) as defined by PCISIG and a vendor defined byte. Byte 1:2 - Vendor ID Byte 3:4 - Device ID Byte 5:6 - Subsystem Vendor ID Byte 7:8 - Subsystem ID Byte 9 - Vendor defined byte All multi-byte fields are little endian (uint16_t)	Yes
8	DMTFSpecMeasurementValueSize	9	Raw bitstream		Yes

Last updated: May 19, 2025