Security Protocol and Data Model (SPDM) is a standard published by the Distributed Management Task Force (DMTF) organization Platform Management Components Intercommunication (PMCI) working group. SPDM’s vision is to resolve the long-lasting problem of compatible secure communication solution between two endpoints of embedded systems. To this end, SPDM defines message formats, data objects, and sequences for performing message exchanges. The protocols defined by SPDM can be used for a wide range of security functionalities, such as authentication of hardware / firmware identities, delivering measurements and performing attestation, and session key establishment.

This presentation introduces the open-source tool - OpenSPDM. The OpenSPDM is written in C. It implements an SPDM requester utility to validate a vendor’s responder implementation. It also implement an SPDM responder utility to validate a vender’s requester implementation. The talk covers SPDM 1.0 device authentication and firmware measurement collection and SPDM 1.1 session creation for the data communication protection.

The audience will learn the main components of the SPDM protocol. A firmware solution builder will learn how to implement an SPDM requester to perform the device authentication and attestation and create a secured session with a target device. A device builder will learn how to implement an SPDM responder to respond to the authentication and measurement requests and create a secured session to protect the communication.