Hi All, +CC list almost certainly misses people interested in this topic so please forward as appropriate. I'll start by saying I haven't moved forward much with the SPDM/CMA over Data Object Exchange proposal from the PoC that led to presenting it last year as part of the PCI etc uconf last year. https://lpc.events/event/11/contributions/1089/ https://lore.kernel.org/all/20220303135905.10420-1-Jonathan.Cameron@xxxxxxxxxx/ I'm continuing to carry the QEMU emulation but not posted for a while as we are slowly working through a backlog of CXL stuff to merge. https://gitlab.com/jic23/qemu/-/commit/f989c8cf283302c70eb5b0b73625b5357c4eb44f On the plus side, Ira is driving the DOE support forwards so that will resolve one missing precursor. We had a lot of open questions last year and many of them are still at least somewhat open; perhaps now is time to revisit? In the meantime there has been discussion[1]: [1] https://lore.kernel.org/all/CAPcyv4jb7D5AKZsxGE5X0jon5suob5feggotdCZWrO_XNaer3A@xxxxxxxxxxxxxx/ [2] https://lore.kernel.org/all/20220511191345.GA26623@xxxxxxxxx/ [3] https://lore.kernel.org/all/CAPcyv4iWGb7baQSsjjLJFuT1E11X8cHYdZoGXsNd+B9GHtsxLw@xxxxxxxxxxxxxx/ Perhaps it is worth putting in a proposal for either a session in an appropriate uconf at plumbers, or maybe a BoF given it is a broader topic than either PCI or CXL? We'll still need to dance around work in various standards bodies that we can't talk about yet, but it feels like it's worth some time hammering out a plan of attack on what we can discuss. Rough topics: * Use models. Without those hard to define the rest! * Policy. What do we do if we can't establish a secure channel? * Transports of interest. Single solution for MCTP vs PCI/CMA or not? * Session setup etc in kernel / userspace / carefully curated hybrid of the two (Dan mentioned this last one in one of the links above) There may be similarities to the discussion around TLS (much simpler though I think!) * Key management * Potential to use github.com/dmtf/libSPDM - is it suitable for any solutions (it's handy for emulation if nothing else!) * Measurement and what to do with it. * No public hardware yet, so what else should we emulate to enable work in this area. (SPDM over MCTP over I2C is on my list as easy to do in QEMU building on https://lore.kernel.org/all/20220520170128.4436-1-Jonathan.Cameron@xxxxxxxxxx/ * Many other things I've forgotten about - please add! So are people who care going to be at plumbers (in person or virtually) and if so, do we want to put forward a session proposal? Thanks, Jonathan