Re: [PATCH v2 2/3] backends: Initial support for SPDM socket support
From: Jonathan Cameron
Subject: Re: [PATCH v2 2/3] backends: Initial support for SPDM socket support
Date: Tue, 17 Oct 2023 11:04:44 +0100

On Tue, 17 Oct 2023 15:21:54 +1000
Alistair Francis <alistair23@gmail.com> wrote:
> From: Huai-Cheng Kuo <hchkuo@avery-design.com.tw>
>
> SPDM enables authentication, attestation and key exchange to assist in
> providing infrastructure security enablement. It's a standard published
> by the DMTF [1].
>
> SPDM supports multiple transports, including PCIe DOE and MCTP.
> This patch adds support to QEMU to connect to an external SPDM
> instance.
>
> SPDM support can be added to any QEMU device by exposing a
> TCP socket to an SPDM server. The server can then implement the SPDM
> decoding/encoding support, generally using libspdm [2].
>
> This is similar to how the current TPM implementation works and means
> that the heavy lifting of setting up certificate chains, capabilities,
> measurements and complex crypto can be done outside QEMU by a well
> supported and tested library.
>
> 1: https://www.dmtf.org/standards/SPDM
> 2: https://github.com/DMTF/libspdm
>
> Signed-off-by: Huai-Cheng Kuo <hchkuo@avery-design.com.tw>
> Signed-off-by: Chris Browy <cbrowy@avery-design.com>
> Co-developed-by: Jonathan Cameron <Jonathan.cameron@huawei.com>
> Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
> [ Changes by WM
> - Bug fixes from testing
> ]
> Signed-off-by: Wilfred Mallawa <wilfred.mallawa@wdc.com>
> [ Changes by AF:
> - Convert to be more QEMU-ified
> - Move to backends as it isn't PCIe specific
> ]
> Signed-off-by: Alistair Francis <alistair.francis@wdc.com>

LGTM. Will be interesting to see how this evolves as we put more
requirements on it.

Given I already signed off, I won't give another tag as that would be
extremely confusing.