openspdm is a sample implementation of the DMTF SPDM specification.
openspdm has moved to https://github.com/DMTF/libspdm. The temp_master branch is synced, and the openspdm issues are also synced. This repo will be archived as read-only.
-
Specification
The SPDM and secured message implementations follow:
DSP0274 Security Protocol and Data Model (SPDM) Specification (version 1.0.0 and version 1.1.0)
DSP0277 Secured Messages using SPDM Specification (version 1.0.0b)
The MCTP and secured MCTP implementations follow:
DSP0275 Security Protocol and Data Model (SPDM) over MCTP Binding Specification (version 1.0.0)
DSP0276 Secured MCTP Messages over MCTP Binding Specification (version 1.0.0a)
The PCI DOE / IDE implementations follow:
PCI Data Object Exchange (DOE) ECN
PCI Component Measurement and Authentication (CMA) ECN
PCI Integrity and Data Encryption (IDE) ECN
-
Both an SPDM requester and an SPDM responder are implemented.
-
Programming Context:
The SPDM lib requires no heap and no writable global variables.
-
Implemented commands and responses:
SPDM 1.0: GET_VERSION, GET_CAPABILITY, NEGOTIATE_ALGORITHM, GET_DIGEST, GET_CERTIFICATE, CHALLENGE, GET_MEASUREMENT.
SPDM 1.1: KEY_EXCHANGE, FINISH, PSK_EXCHANGE, PSK_FINISH, END_SESSION, HEARTBEAT, KEY_UPDATE, ENCAPSULATED message.
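As an added example (not openspdm or libspdm code), the Python below decodes the 4-byte SPDM message header (SPDMVersion, RequestResponseCode, Param1, Param2) for the commands listed above and pairs each request with its response, the kind of consistency check an offline trace analyser such as SpdmDump performs on a capture. The RequestResponseCode values are the ones defined in DSP0274 for SPDM 1.0 and 1.1; the sample trace bytes are constructed for this example, with bodies omitted because only the header is needed for pairing.

```python
# Added example, not openspdm code: decode SPDM 1.0/1.1 headers and pair
# requests with responses the way an offline trace analyser would.
# RequestResponseCode values are from DSP0274; requests have bit 7 set and the
# matching response is the same code with bit 7 cleared (ERROR may answer any request).

REQUEST_CODES = {
    0x84: "GET_VERSION", 0xE1: "GET_CAPABILITIES", 0xE3: "NEGOTIATE_ALGORITHMS",
    0x81: "GET_DIGESTS", 0x82: "GET_CERTIFICATE", 0x83: "CHALLENGE",
    0xE0: "GET_MEASUREMENTS", 0xE4: "KEY_EXCHANGE", 0xE5: "FINISH",
    0xE6: "PSK_EXCHANGE", 0xE7: "PSK_FINISH", 0xE8: "HEARTBEAT",
    0xE9: "KEY_UPDATE", 0xEA: "GET_ENCAPSULATED_REQUEST",
    0xEB: "DELIVER_ENCAPSULATED_RESPONSE", 0xEC: "END_SESSION",
    0xFE: "VENDOR_DEFINED_REQUEST", 0xFF: "RESPOND_IF_READY",
}
RESPONSE_CODES = {
    0x04: "VERSION", 0x61: "CAPABILITIES", 0x63: "ALGORITHMS", 0x01: "DIGESTS",
    0x02: "CERTIFICATE", 0x03: "CHALLENGE_AUTH", 0x60: "MEASUREMENTS",
    0x64: "KEY_EXCHANGE_RSP", 0x65: "FINISH_RSP", 0x66: "PSK_EXCHANGE_RSP",
    0x67: "PSK_FINISH_RSP", 0x68: "HEARTBEAT_ACK", 0x69: "KEY_UPDATE_ACK",
    0x6A: "ENCAPSULATED_REQUEST", 0x6B: "ENCAPSULATED_RESPONSE_ACK",
    0x6C: "END_SESSION_ACK", 0x7E: "VENDOR_DEFINED_RESPONSE", 0x7F: "ERROR",
}
SPDM_ERROR = 0x7F


def decode_header(msg: bytes) -> dict:
    """Parse the fixed 4-byte SPDM header that starts every SPDM message."""
    if len(msg) < 4:
        raise ValueError("SPDM message shorter than the 4-byte header")
    version, code, param1, param2 = msg[0], msg[1], msg[2], msg[3]
    if code & 0x80:
        kind, name = "request", REQUEST_CODES.get(code, "UNKNOWN_REQUEST")
    else:
        kind, name = "response", RESPONSE_CODES.get(code, "UNKNOWN_RESPONSE")
    return {
        "version": f"{version >> 4}.{version & 0x0F}",  # 0x10 -> "1.0", 0x11 -> "1.1"
        "code": code,
        "kind": kind,
        "name": name,
        "param1": param1,
        "param2": param2,
    }


def matches_request(request: bytes, response: bytes) -> bool:
    """True if the response is the expected reply to the request: same SPDMVersion,
    and either the request code with bit 7 cleared or an ERROR response."""
    req, rsp = decode_header(request), decode_header(response)
    if req["kind"] != "request" or rsp["kind"] != "response":
        return False
    if req["version"] != rsp["version"]:
        return False
    return rsp["code"] in (req["code"] & 0x7F, SPDM_ERROR)


def summarize_trace(trace: list) -> list:
    """Walk alternating (request, response) messages and report each exchange,
    flagging replies that do not belong to the request they follow."""
    lines = []
    for request, response in zip(trace[0::2], trace[1::2]):
        req, rsp = decode_header(request), decode_header(response)
        status = "ok" if matches_request(request, response) else "MISMATCH"
        lines.append(f"{req['name']} -> {rsp['name']} (SPDM {req['version']}) [{status}]")
    return lines


# Constructed sample trace: SPDM header bytes as they would appear after the
# MCTP or PCI DOE transport header is stripped. Only headers, no bodies.
SAMPLE_TRACE = [
    bytes([0x10, 0x84, 0x00, 0x00]),  # GET_VERSION is always sent as SPDM 1.0
    bytes([0x10, 0x04, 0x00, 0x00]),  # VERSION
    bytes([0x11, 0xE1, 0x00, 0x00]),  # GET_CAPABILITIES at the negotiated 1.1
    bytes([0x11, 0x61, 0x00, 0x00]),  # CAPABILITIES
    bytes([0x11, 0x83, 0x00, 0x00]),  # CHALLENGE, slot 0
    bytes([0x11, 0x7F, 0x01, 0x00]),  # ERROR with ErrorCode 0x01 (InvalidRequest)
    bytes([0x11, 0xE0, 0x00, 0x00]),  # GET_MEASUREMENTS
    bytes([0x11, 0x04, 0x00, 0x00]),  # VERSION: wrong reply, reported as MISMATCH
]

if __name__ == "__main__":
    for line in summarize_trace(SAMPLE_TRACE):
        print(line)
```

The pairing rule is deliberately strict about the version byte: after GET_VERSION/VERSION, both sides must use the negotiated version, so a response carrying a different SPDMVersion than its request is a protocol violation worth surfacing in a trace, not something to silently accept.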
-
Cryptographic algorithm support:
The SPDM lib requires a cryptolib API, including random number generation, symmetric crypto, asymmetric crypto, hashing and message authentication codes.
Currently supported algorithms: SHA-2, RSA-SSA/ECDSA, FFDHE/ECDHE, AES_GCM/ChaCha20Poly1305, HMAC.
An MbedTls wrapper is included in BaseCryptLibMbedTls.
An Openssl wrapper is included in BaseCryptLibOpenssl.
-
Execution context:
An OS application can be built for SpdmRequester and SpdmResponder to trace the communication.
The lib can be included in the UEFI host environment EDKII, for example as SpdmRequester.
Inclusion in OpenBMC is planned; see SPDM Integration.
-
Presentation
Open Source Firmware Conference 2020 - openspdm
-
openspdm library design:
The detailed design can be found in Design.
-
openspdm user guide:
The user guide can be found in UserGuide.
-
Visual Studio (VS2015 or VS2019)
-
GCC (above GCC5)
-
LLVM (LLVM9)
Download and install LLVM9. Ensure the LLVM9 executable directory is in the PATH environment variable.
-
CMake. It will replace the makefiles.
-
MbedTls as crypto library
Please download mbedtls-2.16.6 and unzip it. Rename mbedtls-2.16.6 to mbedtls and put it under MbedTlsLib.
-
Openssl as crypto library
Please download openssl-1.1.1g and unzip it. Rename openssl-1.1.1g to openssl and put it under OpensslLib.
-
Please download cmocka-1.1.5 and unzip it. Rename cmocka-1.1.5 to cmocka and put it under CmockaLib.
-
Use Visual Studio
Tool : Visual Studio 2015 (TOOLCHAIN=VS2015)
Open a Visual Studio 2015 command prompt at the openspdm dir and type
nmake ARCH=<X64|Ia32> TARGET=<DEBUG|RELEASE> CRYPTO=<MbedTls|Openssl> -e WORKSPACE=<openspdm_root_dir>
(Use the x86 command prompt for ARCH=Ia32 and the x64 command prompt for ARCH=X64)
Tool : Visual Studio 2019 (TOOLCHAIN=VS2019)
Open a Visual Studio 2019 command prompt at the openspdm dir and type
nmake ARCH=<X64|Ia32> TOOLCHAIN=VS2019 TARGET=<DEBUG|RELEASE> CRYPTO=<MbedTls|Openssl> -e WORKSPACE=<openspdm_root_dir>
(Use the x86 command prompt for ARCH=Ia32 and the x64 command prompt for ARCH=X64)
-
Use LLVM
Tool : LLVM x86_64-pc-windows-msvc (TOOLCHAIN=CLANG)
Open a Visual Studio 2019 command prompt at the openspdm dir and type
make ARCH=<X64|Ia32> TOOLCHAIN=CLANG TARGET=<DEBUG|RELEASE> CRYPTO=<MbedTls|Openssl> -e WORKSPACE=<openspdm_root_dir>
(Use the x86 command prompt for ARCH=Ia32 and the x64 command prompt for ARCH=X64)
-
Use GCC
Tool : GCC (TOOLCHAIN=GCC)
Open a command prompt at the openspdm dir and type
make -f GNUmakefile ARCH=<X64|Ia32> TARGET=<DEBUG|RELEASE> CRYPTO=<MbedTls|Openssl> -e WORKSPACE=<openspdm_root_dir>
-
Use LLVM
Tool : LLVM (TOOLCHAIN=CLANG)
Open a command prompt at the openspdm dir and type
make -f GNUmakefile ARCH=<X64|Ia32> TOOLCHAIN=CLANG TARGET=<DEBUG|RELEASE> CRYPTO=<MbedTls|Openssl> -e WORKSPACE=<openspdm_root_dir>
We will use CMake to replace the makefiles in the future, once all features are enabled. Currently, only SpdmEmu and UnitTest are enabled with VS2019 and GCC.
-
Use CMake in Linux (Toolchain=GCC|CLANG)
cd openspdm
mkdir build
cd build
cmake -DARCH=<X64|Ia32> -DTOOLCHAIN=<Toolchain> -DTARGET=<Debug|Release> -DCRYPTO=<MbedTls|Openssl> -DTESTTYPE=<SpdmEmu|UnitTest> ..
make CopyTestKey
make
-
Use CMake in Windows (Toolchain=VS2019|VS2015|CLANG)
Use the x86 command prompt for ARCH=Ia32 and the x64 command prompt for ARCH=X64.
cd openspdm
mkdir build
cd build
cmake -G"NMake Makefiles" -DARCH=<X64|Ia32> -DTOOLCHAIN=<Toolchain> -DTARGET=<Debug|Release> -DCRYPTO=<MbedTls|Openssl> -DTESTTYPE=<SpdmEmu|UnitTest> ..
nmake CopyTestKey
nmake
Run SpdmEmu
The SpdmEmu output is at openspdm/Build/<TARGET>_<TOOLCHAIN>/<ARCH>.
Open one command prompt at the output dir to run SpdmResponderEmu, and another command prompt to run SpdmRequesterEmu.
Please refer to SpdmEmu for details.
Run UnitTest
The UnitTest output is at openspdm/Build/<TARGET>_<TOOLCHAIN>/<ARCH>.
Open one command prompt at the output dir to run TestSpdmRequester > NUL and TestSpdmResponder > NUL.
You may see something like:
[==========] Running 2 test(s).
[ RUN ] TestSpdmResponderVersionCase1
[ OK ] TestSpdmResponderVersionCase1
[ RUN ] TestSpdmResponderVersionCase2
[ OK ] TestSpdmResponderVersionCase2
[==========] 2 test(s) run.
[ PASSED ] 2 test(s).
SpdmDump tool
The tool output is at openspdm/Build/<TARGET>_<TOOLCHAIN>/<ARCH>. It can be used to parse a pcap file for offline analysis.
Please refer to SpdmDump for details.
openspdm also supports other tests such as code coverage, fuzzing, symbolic execution and model checking.
Please refer to Test for details.
- Please refer to issues for details
- Please refer to contribution for details
This package is only sample code to show the concept. It has not had full validation such as robustness, functional and fuzzing tests, and it does not meet production quality yet. All code, including the API definitions, the library and the drivers, is subject to change.