Resources from: https://images.nvidia.com/aem-dam/en-zz/Solutions/data-center/HCC-Whitepaper-v1.0.pdf

Host Side

1. Secure Boot: BIOS validates the certificates of the main OS (boot loader)
2. BL boots kernel, and the kernel validates the firmware (as it has access to the firmware after loaded)
3. Kernel drivers query the mother board vendor: validate the certificates (stored)
4. Conduct attestation of the hardware (e.g., firmware configurations)

Guest Side

The CVM still needs to ensure the GPU is trusted.