Perspectives in Security Measurement utilizing the DMTF Security Protocol and Data Model (SPDM)

Jeff Plank
Microchip

Securing the operational state of embedded components has become an ever increasing topic among the industry. Much of the industry has secured the platforms upon which they operate but the embedded components have become the next bastion of enforcing a security model. Many of the devices have now incorporated concepts of secure boot and active attestation (measurement) of the device state. Secure communication of the measurement of the hardware and firmware states of active components in the server has become the next problem to solve.

In this talk, we will cover the latest proposed security protocols coming from the DMTF for the communication of authentication credentials and attestation states of MCTP enabled discrete device. Trusted reporting enables a central trust process to perform corrective action when necessary and to confirm the integrity of the platform. Both the current work in progress SPDM 1.0 specification will be covered as well as a preview of the work in progress materials for SPDM 1.1.

References

• DMTF, Security Protocol and Data Model (SPDM) Specification (1.0 draft) (Oct 2019)
• DMTF, SPDM 1.1: Session Key Exchange Protocols (Aug 2019)

Resources

• DMTF, Platform Management Components Intercommunication (PMCI) WG

Related

• Intel, PCIe Device Security Enhancements Specification (Sep 2018)
• TCG, Device Identifier Composition Engine (DICE) Architectures WG
• IETF, Remote ATtestation ProcedureS (rats) WG