
libspdm's Introduction

libspdm is a sample implementation that follows the DMTF SPDM specification.

Feature

  1. Specification

    The SPDM and secured message follow:

    DSP0274 Security Protocol and Data Model (SPDM) Specification (version 1.0.1 and version 1.1.1)

    DSP0277 Secured Messages using SPDM Specification (version 1.0.0)

    The MCTP and secured MCTP follow:

    DSP0275 Security Protocol and Data Model (SPDM) over MCTP Binding Specification (version 1.0.0)

    DSP0276 Secured MCTP Messages over MCTP Binding Specification (version 1.0.0)

    The PCI DOE / IDE follow:

    PCI Data Object Exchange (DOE) ECN

    PCI Component Measurement and Authentication (CMA) ECN

    PCI Integrity and Data Encryption (IDE) ECN

  2. Both SPDM requester and SPDM responder.

  3. Programming Context:

    No heap is required in the SPDM lib. No writable global variable is required in the SPDM lib.

  4. Implemented command and response:

    SPDM 1.0: GET_VERSION, GET_CAPABILITY, NEGOTIATE_ALGORITHM, GET_DIGEST, GET_CERTIFICATE, CHALLENGE, GET_MEASUREMENT.

    SPDM 1.1: KEY_EXCHANGE, FINISH, PSK_EXCHANGE, PSK_FINISH, END_SESSION, HEARTBEAT, KEY_UPDATE, ENCAPSULATED message

  5. Cryptographic algorithm support:

    The SPDM lib requires a cryptolib API that provides random number generation, symmetric crypto, asymmetric crypto, hash, message authentication code, etc.

    Currently supported algorithms: SHA-2, RSA-SSA/ECDSA, FFDHE/ECDHE, AES_GCM/ChaCha20Poly1305, HMAC.

    An mbedtls wrapper is included in cryptlib_mbedtls.

    An openssl wrapper is included in cryptlib_openssl.

  6. Execution context:

    Supports building OS applications, spdm_requester_emu and SpdmResponder_emu, to trace the communication.

    Supports inclusion in the UEFI host environment EDKII, such as edkii_spdm_requester.

    Support to be included in OpenBMC. It is in planning, see SPDM Integration.
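The "no heap, no writable global variable" statement under Programming Context can be checked on a finished Linux build by reading the symbol tables of the static libraries. The script below is an added example, not part of libspdm; it assumes GNU binutils `nm`, the archive paths are whatever your build produced, and the sample input is constructed.

```shell
#!/bin/sh
# Added example, not libspdm code. Usage: sh audit.sh <archive.a>...
# Flags symbols that contradict "no heap, no writable global variable".

# audit_nm: reads `nm -A` output on stdin ("archive:object:[addr] type name"),
# prints one finding per line and returns 1 if anything was flagged.
audit_nm() {
    awk '
    NF < 3 { next }                     # skip blank or malformed lines
    {
        type = $(NF - 1); name = $NF
        origin = $1
        sub(/:[0-9a-fA-F]*$/, "", origin)   # drop the trailing address
        if (type ~ /^[BbDdCSsGg]$/) {
            # B/b = .bss, D/d = .data, C = common, S/s and G/g = small data
            printf "WRITABLE %s %s (%s)\n", origin, name, type
            bad = 1
        } else if (type == "U" && name ~ /^(malloc|calloc|realloc|free)$/) {
            # an undefined allocator reference means the object expects a heap
            printf "HEAP %s %s\n", origin, name
            bad = 1
        }
    }
    END { exit bad + 0 }'
}

# Constructed sample (hypothetical archive and symbol names, not from libspdm).
sample_nm_output() {
    cat <<'EOF'
libexample.a:context.o:0000000000000000 T example_init_context
libexample.a:context.o:0000000000000000 R example_version_table
libexample.a:context.o:0000000000000010 b example_cached_state
libexample.a:context.o:                 U memcpy
libexample.a:buffer.o:                 U malloc
libexample.a:buffer.o:0000000000000000 D example_default_config
EOF
}

# Run nm over the archives given on the command line and audit the result.
audit_archives() {
    nm -A "$@" | audit_nm
}

if [ "$#" -gt 0 ]; then
    audit_archives "$@"
fi
```

Read-only tables (`R`/`r`) and code (`T`/`t`) pass. The statement on this page covers the SPDM lib itself, so point the script at those archives rather than at the mbedtls or openssl builds.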

Documents

  1. Presentation

    Open Source Firmware Conference 2020 - openspdm

    Free and Open Source Developers European Meeting 2021 - openspdm

  2. libspdm library threat model:

    The threat model can be found at threat_model

  3. libspdm library design:

    The detailed design can be found at design

  4. libspdm user guide:

    The user guide can be found at user_guide

Prerequisites

Build Tools for Windows

  1. Compiler (Choose one)

    a) Visual Studio 2019

    b) Visual Studio 2015

    c) LLVM (LLVM13) Download: LLVM-13.0.0-win64.exe.

    • Add LLVM to the PATH environment variable according to the installation instructions.
    • Change the LLVM install path to C:/LLVM.
    • LLVM13 works well for clang and libfuzzer builds. Other versions are not validated for clang builds.
    • Because the libfuzzer lib path is hard-coded in CMakeLists, other versions fail for libfuzzer builds.
  2. cmake (Version 3.17.2 is known to work. Newer versions may fail).

Build Tools for Linux

  1. Compiler (Choose one)

    a) GCC (above GCC5)

    b) LLVM (above LLVM10), install steps: sudo apt-get install llvm-10 then sudo apt-get install clang-10. Use llvm-ar -version and clang -v to confirm the LLVM version. If the LLVM installation fails or the installed LLVM version is too low, you can update the Linux version to fix the issue.

  2. cmake.

Crypto library

  1. mbedtls as Crypto library. Version 2.27.0.

  2. openssl as crypto library. Version 1.1.1l.

Unit Test framework

  1. cmocka. Version 1.1.5.

Build

Git Submodule

libspdm uses submodules for mbedtls, openssl and cmocka.

To get a full buildable repo, please use git submodule update --init. If there is an update for submodules, please use git submodule update.

Windows Builds

For ia32 builds, use an x86 Native Tools Command Prompt for Visual Studio... command prompt.

For x64 builds, use an x64 Native Tools Command Prompt for Visual Studio... command prompt.

General build steps: (Note the .. at the end of the cmake command).

cd libspdm
mkdir build
cd build
cmake -G"NMake Makefiles" -DARCH=<x64|ia32> -DTOOLCHAIN=<VS2019|VS2015|CLANG> -DTARGET=<Debug|Release> -DCRYPTO=<mbedtls|openssl> ..
nmake copy_sample_key
nmake

Example cmake commands: (Note the .. at the end of the cmake command).

cmake -G"NMake Makefiles" -DARCH=x64 -DTOOLCHAIN=VS2019 -DTARGET=Debug -DCRYPTO=openssl ..

cmake -G"NMake Makefiles" -DARCH=ia32 -DTOOLCHAIN=VS2019 -DTARGET=Release -DCRYPTO=mbedtls ..

Note: ia32 builds are not supported with the CLANG toolchain on Windows.

Linux Builds

For ia32 builds on a 64-bit Linux machine, first install gcc-multilib: sudo apt-get install gcc-multilib.

General build steps: (Note the .. at the end of the cmake command).

cd libspdm
mkdir build
cd build
cmake -DARCH=<x64|ia32|arm|aarch64|riscv32|riscv64|arc> -DTOOLCHAIN=<GCC|CLANG> -DTARGET=<Debug|Release> -DCRYPTO=<mbedtls|openssl> ..
make copy_sample_key
make

Example cmake commands: (Note the .. at the end of the cmake command).

cmake -DARCH=arm -DTOOLCHAIN=GCC -DTARGET=Debug -DCRYPTO=openssl ..

cmake -DARCH=x64 -DTOOLCHAIN=CLANG -DTARGET=Release -DCRYPTO=mbedtls ..

Run Test

The UnitTest output is at libspdm/build/bin. Open a command prompt in the output directory and run test_spdm_requester > NUL and test_spdm_responder > NUL.

You may see something like:

      [==========] Running 2 test(s).
      [ RUN      ] test_spdm_responder_version_case1
      [       OK ] test_spdm_responder_version_case1
      [ RUN      ] test_spdm_responder_version_case2
      [       OK ] test_spdm_responder_version_case2
      [==========] 2 test(s) run.
      [  PASSED  ] 2 test(s).
   

Note: You MUST use a command prompt with the current working directory at libspdm/build/bin when running ULTs or they may fail. E.g., don't run the ULT from the libspdm/build directory by calling "bin/test_spdm_responder > NUL".

The spdm_emu output is at spdm_emu/build/bin. Open a command prompt in the output directory and run spdm_responder_emu. Then open another command prompt and run spdm_requester_emu.

Please refer to spdm_emu for detail.

The tool output is at spdm_dump/build/bin. It can be used to parse the pcap file for offline analysis.

Please refer to spdm_dump for detail.

Other Test

libspdm also supports other tests, such as code coverage, fuzzing, symbolic execution and model checking.

Please refer to test for detail.

Features not implemented yet

  1. Please refer to issues for detail

Known limitations

This package is only sample code to show the concept. It has not had full validation such as robustness functional testing and fuzzing testing. It does not meet production quality yet. Any code, including the API definition, the library and the drivers, is subject to change.
