On Tue, 2023-10-03 at 15:39 +0100, Jonathan Cameron wrote: > On Thu, 28 Sep 2023 19:32:37 +0200 > Lukas Wunner <lukas@xxxxxxxxx> wrote: > > > From: Jonathan Cameron <Jonathan.Cameron@xxxxxxxxxx> > > > > The Security Protocol and Data Model (SPDM) allows for > > authentication, > > measurement, key exchange and encrypted sessions with devices. > > > > A commonly used term for authentication and measurement is > > attestation. > > > > SPDM was conceived by the Distributed Management Task Force (DMTF). > > Its specification defines a request/response protocol spoken > > between > > host and attached devices over a variety of transports: > > > > https://www.dmtf.org/dsp/DSP0274 > > > > This implementation supports SPDM 1.0 through 1.3 (the latest > > version). > > I've no strong objection in allowing 1.0, but I think we do need > to control min version accepted somehow as I'm not that keen to get > security folk analyzing old version... Agreed. I'm not sure we even need to support 1.0 > > > It is designed to be transport-agnostic as the kernel already > > supports > > two different SPDM-capable transports: > > > > * PCIe Data Object Exchange (PCIe r6.1 sec 6.30, drivers/pci/doe.c) > > * Management Component Transport Protocol (MCTP, > > Documentation/networking/mctp.rst) > > The MCTP side of things is going to be interesting because mostly you > need to jump through a bunch of hoops (address assignment, routing > setup > etc) before you can actually talk to a device. That all involves > a userspace agent. So I'm not 100% sure how this will all turn out. > However still makes sense to have a transport agnostic implementation > as if nothing else it makes it easier to review as keeps us within > one specification. This list will probably expand in the future though > > > > Use cases for SPDM include, but are not limited to: > > > > * PCIe Component Measurement and Authentication (PCIe r6.1 sec > > 6.31) > > * Compute Express Link (CXL r3.0 sec 14.11.6) > > * Open Compute Project (Attestation of System Components r1.0) > > > > https://www.opencompute.org/documents/attestation-v1-0-20201104-pdf > > Alastair, would it make sense to also call out some of the storage > use cases you are interested in? I don't really have anything to add at the moment. I think PCIe CMA covers the current DOE work Alistair
