Re: [PATCH 07/12] spdm: Introduce library to authenticate devices

On Thu, Oct 12, 2023 at 03:26:44AM +0000, Alistair Francis wrote:
> On Tue, 2023-10-03 at 15:39 +0100, Jonathan Cameron wrote:
> > On Thu, 28 Sep 2023 19:32:37 +0200 Lukas Wunner <lukas@xxxxxxxxx> wrote:
> > > This implementation supports SPDM 1.0 through 1.3 (the latest
> > > version).
> > 
> > I've no strong objection in allowing 1.0, but I think we do need
> > to control min version accepted somehow as I'm not that keen to get
> > security folk analyzing old version...
> 
> Agreed. I'm not sure we even need to support 1.0

According to PCIe r6.1 page 115 ("Reference Documents"):

   "CMA requires SPDM Version 1.0 or above.  IDE requires SPDM Version 1.1
    or above.  TDISP requires version 1.2 or above."

This could be interpreted as SPDM 1.0 support being mandatory to be
spec-compliant.  Even if we drop support for 1.0 from the initial
bringup patches, someone could later come along and propose a patch
to re-add it on the grounds of the above-quoted spec section.
So I think we can't avoid it.

Thanks,

Lukas


