Date: Thu, 12 Oct 2023 09:16:29 +0200
From: Lukas Wunner
To: Alistair Francis
Cc: "Jonathan.Cameron@Huawei.com", "kvm@vger.kernel.org", "linux-coco@lists.linux.dev", Wilfred Mallawa, "graf@amazon.com", "linux-cxl@vger.kernel.org", "davem@davemloft.net", "ming4.li@intel.com", "herbert@gondor.apana.org.au", "helgaas@kernel.org", "alex.williamson@redhat.com", "seanjc@google.com", "zhi.a.wang@intel.com", "dwmw2@infradead.org", "dave.jiang@intel.com", "linux-crypto@vger.kernel.org", "thomas.lendacky@amd.com", "keyrings@vger.kernel.org", "aik@amd.com", "david.e.box@intel.com", "linuxarm@huawei.com", "linux-pci@vger.kernel.org", "dhowells@redhat.com", "dan.j.williams@intel.com"
Subject: Re: [PATCH 07/12] spdm: Introduce library to authenticate devices
Message-ID: <20231012071629.GA6305@wunner.de>
References: <89a83f42ae3c411f46efd968007e9b2afd839e74.1695921657.git.lukas@wunner.de> <20231003153937.000034ca@Huawei.com>
X-Mailing-List: linux-coco@lists.linux.dev

On Thu, Oct 12, 2023 at 03:26:44AM +0000, Alistair Francis wrote:
> On Tue, 2023-10-03 at 15:39 +0100, Jonathan Cameron wrote:
> > On Thu, 28 Sep 2023 19:32:37 +0200 Lukas Wunner wrote:
> > > This implementation supports SPDM 1.0 through 1.3 (the latest
> > > version).
> >
> > I've no strong objection in allowing 1.0, but I think we do need
> > to control min version accepted somehow as I'm not that keen to get
> > security folk analyzing old version...
>
> Agreed. I'm not sure we even need to support 1.0

According to PCIe r6.1 page 115 ("Reference Documents"):

  "CMA requires SPDM Version 1.0 or above.
   IDE requires SPDM Version 1.1 or above.
   TDISP requires version 1.2 or above."

This could be interpreted as SPDM 1.0 support being mandatory to be
spec-compliant.

Even if we drop support for 1.0 from the initial bringup patches,
someone could later come along and propose a patch to re-add it
on the grounds of the above-quoted spec section.

So I think we can't avoid it.

Thanks,

Lukas
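The thread above asks how a requester can keep supporting SPDM 1.0 on the wire while still letting the host "control min version accepted". The following is an added example, not code from the patch set under review: it parses the responder's VERSION message as laid out in DMTF DSP0274 (byte 0 SPDMVersion, byte 1 response code 0x04, two parameter bytes, one reserved byte, a VersionNumberEntryCount, then 16-bit little-endian entries with MajorVersion in bits 15:12 and MinorVersion in bits 11:8) and picks the highest offered version inside a configurable [min, max] window. The `SPDM_MIN_VER`/`SPDM_MAX_VER` knobs, the function names and the sample responses are assumptions made for this example; a real implementation would take the floor from the caller (CMA, IDE or TDISP each needing a different minimum per the PCIe text quoted above).

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Response code of the SPDM VERSION message (DSP0274). */
#define SPDM_VERSION_RSP_CODE 0x04

/* Pack major/minor into one byte, e.g. SPDM_VER(1, 2) == 0x12. */
#define SPDM_VER(major, minor) ((uint8_t)(((major) << 4) | (minor)))

/* Assumed policy knobs for this example (not from the patch set):
 * the floor the host is willing to accept and the ceiling this
 * requester implements. */
#define SPDM_MIN_VER SPDM_VER(1, 0)
#define SPDM_MAX_VER SPDM_VER(1, 3)

/*
 * Decode a VERSION response into packed major/minor bytes.
 * Returns the number of entries written to out[], or -1 if the buffer
 * is not a well-formed VERSION response (wrong code, truncated entry
 * table, or more entries than out[] can hold).
 */
int spdm_parse_version_rsp(const uint8_t *buf, size_t len,
			   uint8_t *out, size_t out_max)
{
	size_t count, i;

	if (len < 6)
		return -1;			/* shorter than the fixed header */
	if (buf[1] != SPDM_VERSION_RSP_CODE)
		return -1;			/* not a VERSION response */
	count = buf[5];				/* VersionNumberEntryCount */
	if (len < 6 + count * 2)
		return -1;			/* entry table cut off */
	if (count > out_max)
		return -1;

	for (i = 0; i < count; i++) {
		/* 16-bit little-endian entry: major 15:12, minor 11:8,
		 * update 7:4, alpha 3:0 (the last two are ignored here). */
		uint16_t entry = buf[6 + i * 2] |
				 (uint16_t)buf[7 + i * 2] << 8;
		uint8_t major = entry >> 12;
		uint8_t minor = (entry >> 8) & 0xf;

		out[i] = SPDM_VER(major, minor);
	}
	return (int)count;
}

/*
 * Pick the highest offered version within [min, max].
 * Returns 0 when the responder offers nothing acceptable, which the
 * caller should treat as a failed negotiation rather than falling back
 * to an older version than the policy allows.
 */
uint8_t spdm_select_version(const uint8_t *offered, int n,
			    uint8_t min, uint8_t max)
{
	uint8_t best = 0;
	int i;

	for (i = 0; i < n; i++) {
		if (offered[i] < min || offered[i] > max)
			continue;
		if (offered[i] > best)
			best = offered[i];
	}
	return best;
}

/* Parse and select in one step; 0 means "reject this responder". */
uint8_t spdm_negotiate(const uint8_t *buf, size_t len,
		       uint8_t min, uint8_t max)
{
	uint8_t offered[16];
	int n = spdm_parse_version_rsp(buf, len, offered,
				       sizeof(offered) / sizeof(offered[0]));

	if (n < 0)
		return 0;
	return spdm_select_version(offered, n, min, max);
}

/* Constructed sample responses (not captured from real hardware). */
/* Responder offering 1.0, 1.1 and 1.2. */
const uint8_t spdm_sample_rsp_10_11_12[] = {
	0x10, SPDM_VERSION_RSP_CODE, 0x00, 0x00, 0x00, 0x03,
	0x00, 0x10,	/* 1.0 */
	0x00, 0x11,	/* 1.1 */
	0x00, 0x12,	/* 1.2 */
};
/* Responder that only speaks 1.0. */
const uint8_t spdm_sample_rsp_10_only[] = {
	0x10, SPDM_VERSION_RSP_CODE, 0x00, 0x00, 0x00, 0x01,
	0x00, 0x10,	/* 1.0 */
};

int main(void)
{
	uint8_t v;

	v = spdm_negotiate(spdm_sample_rsp_10_11_12,
			   sizeof(spdm_sample_rsp_10_11_12),
			   SPDM_MIN_VER, SPDM_MAX_VER);
	printf("CMA-style floor 1.0: negotiated SPDM %u.%u\n", v >> 4, v & 0xf);

	v = spdm_negotiate(spdm_sample_rsp_10_only,
			   sizeof(spdm_sample_rsp_10_only),
			   SPDM_VER(1, 1), SPDM_MAX_VER);
	printf("IDE-style floor 1.1 against a 1.0-only responder: %s\n",
	       v ? "accepted" : "rejected");
	return 0;
}
```

The floor is applied after parsing rather than by hiding versions from the responder, so the requester can still advertise 1.0 in GET_VERSION (keeping the spec-mandated support on the wire) while a caller that needs IDE or TDISP simply passes a higher minimum and gets a clean rejection instead of a downgraded session.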