🤖 AI Summary
This work proposes the first property attestation framework tailored to the full lifecycle of large generative models, such as large language models, covering both the training and inference phases. To address the inability of existing approaches to support integrity verification for generative tasks and large-scale datasets, the framework combines Intel TDX confidential virtual machines with NVIDIA H100 security-aware GPUs, giving end-to-end hardware-rooted protection across CPU-GPU workflows. It further introduces an incremental multiset hashing mechanism over memory-mapped datasets to track data integrity efficiently. Compared with prior methods, the proposed solution advances scalability, generality, and security, removing their limits on dataset scale and task applicability.
📝 Abstract
Machine learning property attestations allow provers (e.g., model providers or owners) to attest properties of their models/datasets to verifiers (e.g., regulators, customers), enabling accountability towards regulations and policies. But current approaches do not support generative models or large datasets. We present PAL*M, a property attestation framework for large generative models, illustrated using large language models. PAL*M defines properties across training and inference, leverages confidential virtual machines with security-aware GPUs for coverage of CPU-GPU operations, and proposes using incremental multiset hashing over memory-mapped datasets to efficiently track their integrity. We implement PAL*M on Intel TDX and NVIDIA H100, showing it is efficient, scalable, versatile, and secure.
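To illustrate what "incremental multiset hashing over memory-mapped datasets" buys a verifier, here is an added example (not PAL*M's own code or construction) using a simple additive multiset hash: the sum of per-record SHA-256 digests modulo 2^256, a simplified unkeyed variant of the Clarke et al. MSet-Add-Hash. The fixed record size, the file layout and the sample records are assumptions constructed for the demo; the point shown is that the digest is independent of record order, can be updated in O(1) per appended or removed record instead of rehashing the dataset, and still changes when any byte is tampered with.

```python
import hashlib
import mmap
import os
import tempfile

# Additive multiset hash: H(M) = sum of SHA-256(record) over all records, mod 2^256.
# Order-independent and incrementally updatable; a full pass over the mapped file
# recomputes the same value, so a verifier can re-derive it without loading RAM.
MODULUS = 1 << 256
RECORD = 4096  # assumed fixed record size (hypothetical dataset layout)

def record_hash(rec: bytes) -> int:
    return int.from_bytes(hashlib.sha256(rec).digest(), "big")

def add_record(acc: int, rec: bytes) -> int:
    return (acc + record_hash(rec)) % MODULUS

def remove_record(acc: int, rec: bytes) -> int:
    return (acc - record_hash(rec)) % MODULUS

def hash_mapped_file(path: str, size: int = RECORD) -> int:
    """Full pass over a memory-mapped dataset file, one record at a time."""
    acc = 0
    with open(path, "rb") as f, mmap.mmap(f.fileno(), 0, access=mmap.ACCESS_READ) as mm:
        for off in range(0, len(mm), size):
            acc = add_record(acc, mm[off:off + size])
    return acc

def demo() -> dict:
    recs = [bytes([i]) * RECORD for i in (1, 2, 3)]  # constructed sample records
    fd, path = tempfile.mkstemp()
    with os.fdopen(fd, "wb") as f:
        f.write(b"".join(recs))
    try:
        full = hash_mapped_file(path)
        running = 0
        for r in reversed(recs):               # different order than on disk
            running = add_record(running, r)
        order_independent = running == full
        new = bytes([4]) * RECORD               # append one record incrementally
        running = add_record(running, new)
        with open(path, "ab") as f:
            f.write(new)
        incremental_append = running == hash_mapped_file(path)
        removed_ok = remove_record(running, new) == full
        tampered = bytearray(b"".join(recs + [new]))
        tampered[RECORD + 7] ^= 0x01            # flip one bit inside record 2
        with open(path, "wb") as f:
            f.write(tampered)
        tamper_detected = hash_mapped_file(path) != running
    finally:
        os.remove(path)
    return {"order_independent": order_independent, "incremental_append": incremental_append,
            "removed_ok": removed_ok, "tamper_detected": tamper_detected}
```

An attestation would bind the running digest to the TEE measurement rather than trusting the prover's reported value; the full-pass recomputation is what a verifier with read access to the mapped file would perform.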