The "old" cocli, downloaded via the instructions at README.md
go install github.com/veraison/cocli@latest
was able to decode .cbor files provided by vendors, provided the first 6 bytes - the IANA vendor tags from the earlier draft spec - were removed.
Many vendors include these instructions on their websites. Here are just 2:
https://www.solidigm.com/support-page/drivers-downloads/ka-01851.html
https://docs.nvidia.com/networking/display/dpunicattestation/example+commands
If you download the example cbor files from the vendors above
Solidigm: https://sdmsdfwdriver.blob.core.windows.net/files/kba-gcc/drivers-downloads/ka-01851/ps10xx-e3s-2tb-cbor.zip
Nvidia: curl -s 'https://rim.attestation.nvidia.com/v1/rim/NV_NIC_FIRMWARE_CX7_28.44.1036_MCX755106AS-HEA' | jq -r '.rim' | base64 -d > NV_NIC_FIRMWARE_CX7_28.44.1036_MCX755106AS-HEA.cbor
cocli claims the above files are invalid:
cocli corim display -f NV_NIC_FIRMWARE_CX7_28.44.1036_MCX755106AS-HEA.cbor
Error: error decoding CoRIM (signed or unsigned) from NV_NIC_FIRMWARE_CX7_28.44.1036_MCX755106AS-HEA.cbor: did not see unsigned CoRIM tag
For reference, with the prior cocli, following the trimming instructions, these files were printable with cocli:
-
trim the leading 6 bytes as the vendors indicate:
dd bs=1 skip=6 if= of=<untagged.corim>
-
use old cocli to decode the untagged file:
cocli corim display -f NV_NIC_FIRMWARE_CX7_28.44.1036_MCX755106AS-HEA.cbor-untagged -v |grep id
"corim-id": "ConnectX-7_28.44.1036",
"href": "https://docs.ndis.nvidia.com/certs/corim/nvidia-corim-signer-cx7-id-2.pem",
"tag-identity": {
"id": "15b3102115b3002200-28.44.1036"
cocli needs to be backwards compatible and support all of these existing published .cbor files that vendors have already distributed
The "old" cocli, downloaded via the instructions at README.md
was able to decode .cbor files provided by vendors, provided the first 6 bytes - the IANA vendor tags from the earlier draft spec - were removed.
Many vendors include these instructions on their websites. Here are just 2:
https://www.solidigm.com/support-page/drivers-downloads/ka-01851.html
https://docs.nvidia.com/networking/display/dpunicattestation/example+commands
If you download the example cbor files from the vendors above
Solidigm: https://sdmsdfwdriver.blob.core.windows.net/files/kba-gcc/drivers-downloads/ka-01851/ps10xx-e3s-2tb-cbor.zip
Nvidia: curl -s 'https://rim.attestation.nvidia.com/v1/rim/NV_NIC_FIRMWARE_CX7_28.44.1036_MCX755106AS-HEA' | jq -r '.rim' | base64 -d > NV_NIC_FIRMWARE_CX7_28.44.1036_MCX755106AS-HEA.cbor
cocli claims the above files are invalid:
For reference, with the prior cocli, following the trimming instructions, these files were printable with cocli:
trim the leading 6 bytes as the vendors indicate:
dd bs=1 skip=6 if= of=<untagged.corim>
use old cocli to decode the untagged file:
cocli corim display -f NV_NIC_FIRMWARE_CX7_28.44.1036_MCX755106AS-HEA.cbor-untagged -v |grep id
"corim-id": "ConnectX-7_28.44.1036",
"href": "https://docs.ndis.nvidia.com/certs/corim/nvidia-corim-signer-cx7-id-2.pem",
"tag-identity": {
"id": "15b3102115b3002200-28.44.1036"
cocli needs to be backwards compatible and support all of these existing published .cbor files that vendors have already distributed