The Security Protocols and Data Models (SPDM) Code Task Force announces its latest open source release of libspdm, version 3.4, and is conformant with DSP0274 1.0, 1.1, 1.2 and part of 1.3. It is now available for download. In addition, there are three notable changes:
- Addition of MEL (GET_MEASUREMENT_EXTENSION_LOG)
- Support for Secured Messages using SPDM Specification DSP0277 1.2
- Support for MbedTLS 3.0. The 3.X version of MbedTLS is not compatible with the older 2.X versions; this will help with future versions and represents a considerable amount of work.
The SPDM and secured message libraries follow:
- DSP0274 SPDM Specification (version 1.0.2, version 1.1.3, version 1.2.2 and version 1.3.0)
- DSP0277 Secured Messages using SPDM Specification (version 1.1.0, version 1.2.0)
- DSP0275 SPDM over MCTP Binding Specification (version 1.0.2)
- DSP0276 Secured Messages using SPDM over MCTP Binding Specification (version 1.1.1)
You can find all of this in the group’s readme here. In addition, details such as SPDM supported commands, cryptographic algorithm support, design, threat model, and users guide can be found in the readme in the repository.
Protocols defined by SPDM can be used for a wide range of security functionalities including authentication of hardware/firmware identities, delivering measurements, performing attestation, and establishing session keys for secure communication channels.
In addition to the core library, libspdm enables spdm-emu, which contains a full SPDM Requester and Responder; spdm-dump, which can parse SPDM messages; and the SPDM Responder Validator, which is still under development but can be used to test an SPDM Responder implementation for its conformance to the SPDM specification.
For more information about libspdm, please visit https://github.com/DMTF/libspdm.