Releases · openvinotoolkit/npu_compiler

19 Nov 23:29

Maxim-Doronin

Immutable

npu_ud_2025_44_rc1

a934b15

UD2025.44 Latest

Latest

Supported platforms

NPU37XX Intel® Core™ Ultra Processors (Series 1) (Products formerly known as Meteor Lake and Arrow Lake)
NPU40XX Intel® Core™ Ultra Processors (Series 2) (Products known as Lunar Lake)

Release notes

The UD2025.44 Release Notes have been published as part of the Intel® NPU Windows Driver release notes, including the integrated NPU Compiler component.

Dependencies

OpenVINO - openvino_config.json.
OpenCV - opencv_version.json.

NPU Linux Driver

The following driver version was used for NPU Compiler UD2025.44 Continuous Integration.

Linux NPU Driver - linux_npu_driver_config.json.

The following driver version contains NPU Compiler UD2025.44 as a binary component

Linux NPU Driver v1.26.0

Artifacts Information and supply-chain security

Click to expand

📦 Artifacts Information

This release provides three CiD (Compiler-in-Driver) binary packages for integration into the NPU Driver on the following platforms:

Windows 11
Ubuntu 22.04
Ubuntu 24.04

To ensure end-to-end supply-chain security, both the release and each individual artifact are protected by multiple integrity guarantees:

Digital signatures via Sigstore Cosign — any modification to a signed artifact invalidates the signature.
GitHub artifact provenance attestations — each artifact is accompanied by a build-provenance attestation published on the repository’s attestations page.
Immutable GitHub Release — the release tag and all assets are permanently locked after publication and cannot be modified, replaced, or deleted.

All commands below work on any platform. On Windows (CMD/PowerShell), simply replace the line-continuation symbol \ with ^.

🔐 Cosign Digital Signatures

Cosign provides cryptographic verification of both the artifact content and the associated Rekor entry. Together, these systems guarantee that each artifact originates exactly from this repository’s CI pipeline and has not been modified post-publication and allow anyone to validate that this artifact was produced by the official GitHub Actions workflow for this repository.
Each release artifact includes a signature bundle named:

<artifact>.sigstore.json

This bundle contains:

A Sigstore Fulcio certificate. Fulcio issues a short-lived signing certificate that binds the signature to the GitHub Actions workflow identity.
A Rekor transparency log entry. Rekor stores the transparency log record, ensuring the signature is publicly auditable and cannot be altered.
Signature metadata (SCT, inclusion proof, signature, etc.)

Verify the Signature Online

You can verify the published transparency-log record using:

https://search.sigstore.dev/?hash=<sha256>

To get the <sha256> digest, use the Copy SHA256 button next to any release asset in the GitHub release UI.

Verify the Signature Locally

Install Cosign
Follow the official guide: https://docs.sigstore.dev/cosign/system_config/installation
Download the files
- <artifact_name>
- <artifact_name>.sigstore.json

Run the verification

cosign verify-blob \
    --bundle <artifact_name>.sigstore.json \
    --certificate-identity https://github.com/openvinotoolkit/npu_compiler/.github/workflows/job_build_cid.yml@refs/tags/npu_ud_2025_44_rc1 \
    --certificate-oidc-issuer "https://token.actions.githubusercontent.com" \
    <artifact_name>

Note: On Windows, the Cosign executable may be named differently (for example, cosign-windows-amd64.exe). Adjust the command accordingly when running verification.

Successful verification
```
Verified OK
```

🧾 GitHub Release Asset Attestations (Build Provenance)

GitHub automatically generates a build-provenance attestation for each artifact created by GitHub Actions.

These attestations confirm:

Which workflow built the artifact
Which commit and tag were used
That the artifact content matches the workflow output exactly

Verify Attestation Locally

Install & authenticate GitHub CLI
Installation: https://cli.github.com/
Login:
```
gh auth login
```

Verify the artifact attestation

gh attestation verify <artifact_name> \
  --repo openvinotoolkit/npu_compiler \
  --source-ref refs/tags/npu_ud_2025_44_rc1 \
  --signer-workflow "github.com/openvinotoolkit/npu_compiler/.github/workflows/job_build_cid.yml@refs/tags/npu_ud_2025_44_rc1"

Successful verification

The following policy criteria will be enforced:
- Predicate type must match:................ https://slsa.dev/provenance/v1
- Source Repository Owner URI must match:... https://github.com/openvinotoolkit
- Source Repository URI must match:......... https://github.com/openvinotoolkit/npu_compiler
- Source repo ref must match:............... refs/tags/npu_ud_2025_44_rc1
- Subject Alternative Name must match regex: ^https://github.com/openvinotoolkit/npu_compiler/.github/workflows/job_build_cid.yml@refs/tags/npu_ud_2025_44_rc1
- OIDC Issuer must match:................... https://token.actions.githubusercontent.com

✓ Verification succeeded!

The following 1 attestation matched the policy criteria

- Attestation #1
  - Build repo:..... openvinotoolkit/npu_compiler
  - Build workflow:. .github/workflows/job_build_cid.yml@refs/tags/npu_ud_2025_44_rc1
  - Signer repo:.... openvinotoolkit/npu_compiler
  - Signer workflow: .github/workflows/job_build_cid.yml@refs/tags/npu_ud_2025_44_rc1

🛡️ Immutable GitHub Release Verification

Immutable Releases ensure that neither the release tag nor the associated assets can be changed after publication. This prevents supply-chain tampering and increases long-term auditability.

Verify the Integrity of the Release itself

Install & authenticate GitHub CLI
```
gh auth login
```

Verify the immutable release

gh release verify \
  --repo openvinotoolkit/npu_compiler \
  npu_ud_2025_44_rc1

Successful verification
GitHub CLI confirms that the release is immutable and the attestation is valid

 Resolved tag npu_ud_2025_44_rc1 to sha1:a934b15d7494c4961afd51cf6c896b15d1fabd8c
 Loaded attestation from GitHub API
 ✓ Release npu_ud_2025_44_rc1 verified!
 
 Assets
 NAME                                                                                                                                                 DIGEST
 l_vpux_compiler_l0_linux_ubuntu_22_04-7_4_3-Release_dyntbb_postcommit_cid_a934b15d7494c4961afd51cf6c896b15d1fabd8c_251119_2122.tar.gz                sha256:5550c378d21cad5d5ea3d95b07ae565626132abe218d8b09dfbefe43d54ea26c
 l_vpux_compiler_l0_linux_ubuntu_22_04-7_4_3-Release_dyntbb_postcommit_cid_a934b15d7494c4961afd51cf6c896b15d1fabd8c_251119_2122.tar.gz.sigstore.json  sha256:26e87ab8ff67a5eba916b508db381e9091e6676177d0483deee198bbb2558b64
 l_vpux_compiler_l0_linux_ubuntu_24_04-7_4_3-Release_dyntbb_postcommit_cid_a934b15d7494c4961afd51cf6c896b15d1fabd8c_251119_2204.tar.gz                sha256:328059b6af98ac8b97dfaf6d3585381401872239cdc06fdbbc7bf6d449d771a6
 l_vpux_compiler_l0_linux_ubuntu_24_04-7_4_3-Release_dyntbb_postcommit_cid_a934b15d7494c4961afd51cf6c896b15d1fabd8c_251119_2204.tar.gz.sigstore.json  sha256:f4b9bd6752b86ef030ac471ab2b7223a228670cbe0bfeb73e9fd12f4d3516a58
 w_vpux_compiler_l0_win_windows_2022-7_4_3-Release_dyntbb_postcommit_cid_a934b15d7494c4961afd51cf6c896b15d1fabd8c_251119_2122.zip                     sha256:e4ebae74faef881c4fa175c4e88f311fcc0a5da0e2e053af938a49c6ce69238a
 w_vpux_compiler_l0_win_windows_2022-7_4_3-Release_dyntbb_postcommit_cid_a934b15d7494c4961afd51cf6c896b15d1fabd8c_251119_2122.zip.sigstore.json       sha256:8ce7298b79a9f2b461cc2fdf85eb034e87c51e02560e2abd48c5554a4c63de54

Assets 9

29 Sep 11:49

Maxim-Doronin

npu_ud_2025_38_rc4

a826bd9

UD2025.38

NPU Compiler UD2025.38 release for NPU37XX and NPU40XX

Dependencies

OpenVINO - openvino_config.json.
OpenCV - opencv_version.json.

NPU Linux Driver

The following driver version was used for NPU Compiler UD2025.38 Continuous Integration.

Linux NPU Driver - linux_npu_driver_config.json.

The following driver version contains NPU Compiler UD2025.38 as a binary component

Linux NPU Driver v1.24.0

Cosign digital signature

Detailed information about the digital signature

Summary

Starting with UD2025.38, every CiD (Compiler in Driver) package is digitally signed using the open-source Sigstore Cosign tool.
This guarantees the authenticity and integrity of each release artifact: any modification after signing will invalidate the signature.

Each release asset includes:

<artifact>.sig — the signature file
<artifact>.pem — the signing certificate issued by Sigstore Fulcio

These files allow anyone to independently verify that a given CiD package was produced by the official GitHub Actions workflow for this repository.

Verify the signature online

You can confirm the existence of the public Sigstore record (Rekor transparency log) using the following links:

Linux CiD package:
https://search.sigstore.dev/?hash=sha256:7097f3d12cca491ffcd2418826ac708dbd92a563340a856cd529c1bc0a3cf9d1
Windows CiD package:
https://search.sigstore.dev/?hash=sha256:329ab7e03bafbf4de6e28cae6aaae74216302ba3c702ddde56446e94934ae8db

Verify the signature locally

Install Sigstore Cosign: follow the official installation guide https://docs.sigstore.dev/cosign/system_config/installation
Run Cosign verification

Windows (CMD or PowerShell):

cosign-windows-amd64 verify-blob ^
    --certificate <artifact_name>.pem ^
    --signature <artifact_name>.sig ^
    --certificate-identity https://github.com/openvinotoolkit/npu_compiler/.github/workflows/job_build_cid.yml@refs/tags/npu_ud_2025_38_rc4 ^
    --certificate-oidc-issuer "https://token.actions.githubusercontent.com" ^
    <artifact_name>

Linux / macOS (Bash):

cosign verify-blob \
    --certificate <artifact_name>.pem \
    --signature <artifact_name>.sig \
    --certificate-identity https://github.com/openvinotoolkit/npu_compiler/.github/workflows/job_build_cid.yml@refs/tags/npu_ud_2025_38_rc4 \
    --certificate-oidc-issuer "https://token.actions.githubusercontent.com" \
    <artifact_name>

If the verification succeeds, Cosign prints:

Verified OK

Additional information

Fulcio provides the short-lived signing certificate bound to the official GitHub Actions workflow identity.
Rekor records each signature in an immutable, public transparency log.
Cosign verifies both the cryptographic integrity and the log entry, ensuring that the artifact originates from this repository’s CI pipeline.

Assets 8