From: Jonathan Cameron via <qemu-devel@nongnu.org>
To: Alistair Francis <alistair23@gmail.com>, <qemu-devel@nongnu.org>
Cc: <cbrowy@avery-design.com>, <wilfred.mallawa@wdc.com>,
	<mst@redhat.com>, <lukas@wunner.de>, <kbusch@kernel.org>,
	<hchkuo@avery-design.com.tw>, <its@irrelevant.dk>,
	<jiewen.yao@intel.com>, <marcel.apfelbaum@gmail.com>,
	"Paolo Bonzini" <pbonzini@redhat.com>, <qemu-block@nongnu.org>,
	Alistair Francis <alistair.francis@wdc.com>
Subject: Re: [PATCH v2 2/3] backends: Initial support for SPDM socket support
Date: Tue, 17 Oct 2023 11:04:44 +0100
Message-ID: <20231017110444.000058be@Huawei.com>
In-Reply-To: <20231017052155.173577-3-alistair.francis@wdc.com>

On Tue, 17 Oct 2023 15:21:54 +1000
Alistair Francis <alistair23@gmail.com> wrote:

> From: Huai-Cheng Kuo <hchkuo@avery-design.com.tw>
> 
> SPDM enables authentication, attestation and key exchange to assist in
> providing infrastructure security enablement. It's a standard published
> by the DMTF [1].
> 
> SPDM supports multiple transports, including PCIe DOE and MCTP.
> This patch adds support to QEMU to connect to an external SPDM
> instance.
> 
> SPDM support can be added to any QEMU device by exposing a
> TCP socket to a SPDM server. The server can then implement the SPDM
> decoding/encoding support, generally using libspdm [2].
> 
> This is similar to how the current TPM implementation works and means
> that the heavy lifting of setting up certificate chains, capabilities,
> measurements and complex crypto can be done outside QEMU by a well
> supported and tested library.
> 
> 1: https://www.dmtf.org/standards/SPDM
> 2: https://github.com/DMTF/libspdm
> 
> Signed-off-by: Huai-Cheng Kuo <hchkuo@avery-design.com.tw>
> Signed-off-by: Chris Browy <cbrowy@avery-design.com>
> Co-developed-by: Jonathan Cameron <Jonathan.cameron@huawei.com>
> Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
> [ Changes by WM
>  - Bug fixes from testing
> ]
> Signed-off-by: Wilfred Mallawa <wilfred.mallawa@wdc.com>
> [ Changes by AF:
>  - Convert to be more QEMU-ified
>  - Move to backends as it isn't PCIe specific
> ]
> Signed-off-by: Alistair Francis <alistair.francis@wdc.com>

LGTM.  Will be interesting to see how this evolves as we put more
requirements on it.

Given I already signed off, I won't give another tag as that would be
extremely confusing.




Thread overview: 11+ messages
2023-10-17  5:21 [PATCH v2 0/3] Initial support for SPDM Responders Alistair Francis
2023-10-17  5:21 ` [PATCH v2 1/3] hw/pci: Add all Data Object Types defined in PCIe r6.0 Alistair Francis
2023-10-17  9:57   ` Jonathan Cameron via
2023-10-17  9:57     ` Jonathan Cameron
2023-10-17  5:21 ` [PATCH v2 2/3] backends: Initial support for SPDM socket support Alistair Francis
2023-10-17 10:04   ` Jonathan Cameron via [this message]
2023-10-17 10:04     ` Jonathan Cameron
2023-10-17  5:21 ` [PATCH v2 3/3] hw/nvme: Add SPDM over DOE support Alistair Francis
2023-10-17 10:18   ` Jonathan Cameron via
2023-10-17 10:18     ` Jonathan Cameron
2023-11-15  9:29   ` Klaus Jensen
