Kernels documentation

kernels verify-signature

Hugging Face's logo
Join the Hugging Face community

and get access to the augmented documentation experience

to get started

kernels verify-signature

Use kernels verify-signature to verify the metadata signature and check that kernel files match the digest embedded in the metadata.

Usage

kernels verify-signature <repo_id> <version> [--all-variants] \
  [--filter-unsigned] [--filter-no-digest]

What It Does

  • Checks that the signing identity in metadata.json.sigstore is approved.
  • Verifies that metadata.json is not tampered with, using the signature in metadata.json.sigstore.
  • Verifies that other kernel files are not tampered with, using the digest in metadata.json.

Examples

Verify version 1 of the kernels-community/relu kernel. Only checks the variant that is compatible with the current system:

kernels verify-signature kernels-community/relu 1

Verify all build variants of the same kernel:

kernels verify-signature kernels-community/relu 1 --all-variants

Example Output

$ kernels verify-signature kernels-community/relu 1
✅ torch211-cxx11-cu126-x86_64-linux: kernel metadata is correctly signed
$ kernels verify-signature kernels-community/flash-attn2 1
❌ torch211-cxx11-cu126-x86_64-linux: cannot verify kernel integrity, signature not found

Options

Option Description
--all-variants Verify all build variants of each kernel instead of just the variant that is compatible with the current system.
--filter-no-digest Skip variants that do not have a digest in the metadata (typically older builds that precede code signing).
--filter-unsigned Skip variants that do not have a detached signature (typically older builds that precede code signing).
Update on GitHub