From: Jonathan Cameron via <qemu-devel@nongnu.org>
To: Alistair Francis <alistair23@gmail.com>,
<marcel.apfelbaum@gmail.com>, <its@irrelevant.dk>,
<mst@redhat.com>
Cc: <hchkuo@avery-design.com.tw>, <wilfred.mallawa@wdc.com>,
<cbrowy@avery-design.com>, <kbusch@kernel.org>, <lukas@wunner.de>,
<jiewen.yao@intel.com>, <qemu-devel@nongnu.org>,
Alistair Francis <alistair.francis@wdc.com>,
<qemu-block@nongnu.org>, Paolo Bonzini <pbonzini@redhat.com>
Subject: Re: [PATCH v5 0/3] Initial support for SPDM Responders
Date: Thu, 7 Mar 2024 09:42:45 +0000
Message-ID: <20240307094245.00006490@Huawei.com>
In-Reply-To: <20240307005859.356555-1-alistair.francis@wdc.com>
On Thu, 7 Mar 2024 10:58:56 +1000
Alistair Francis <alistair23@gmail.com> wrote:
> The Security Protocol and Data Model (SPDM) Specification defines
> messages, data objects, and sequences for performing message exchanges
> over a variety of transport and physical media.
> - https://www.dmtf.org/sites/default/files/standards/documents/DSP0274_1.3.0.pdf
>
> SPDM currently supports PCIe DOE and MCTP transports, but it can be
> extended to support others in the future. This series adds
> support to QEMU to connect to an external SPDM instance.
>
> SPDM support can be added to any QEMU device by exposing a
> TCP socket to a SPDM server. The server can then implement the SPDM
> decoding/encoding support, generally using libspdm [1].
>
> This is similar to how the current TPM implementation works and means
> that the heavy lifting of setting up certificate chains, capabilities,
> measurements and complex crypto can be done outside QEMU by a well
> supported and tested library.
>
> This series implements socket support and exposes SPDM for a NVMe device.

Thanks Alistair,

I'm really keen to see this land soon as I have the CXL infrastructure
for this backed up behind it. Also will be needed for PCI (IDE) and CXL link
encryption emulation and most if not all of the confidential computing stacks
with QEMU emulating the host system + peripherals.

I believe it's just waiting for a PCI Maintainer Ack at this point? Klaus said he
was happy to take it through NVME but wanted a PCI Ack first.

Michael / Marcel, if you have time to look at it that would be great.

Thanks,

Jonathan

>
> 1: https://github.com/DMTF/libspdm
>
> v5:
> - Update MAINTAINERS
> v4:
> - Rebase
> v3:
> - Spelling fixes
> - Support for SPDM-Utils
> v2:
> - Add cover letter
> - A few code fixes based on comments
> - Document SPDM-Utils
> - A few tweaks and clarifications to the documentation
>
> Alistair Francis (1):
> hw/pci: Add all Data Object Types defined in PCIe r6.0
>
> Huai-Cheng Kuo (1):
> backends: Initial support for SPDM socket support
>
> Wilfred Mallawa (1):
> hw/nvme: Add SPDM over DOE support
>
> MAINTAINERS | 6 +
> docs/specs/index.rst | 1 +
> docs/specs/spdm.rst | 122 ++++++++++++++++++++
> include/hw/pci/pci_device.h | 5 +
> include/hw/pci/pcie_doe.h | 5 +
> include/sysemu/spdm-socket.h | 44 +++++++
> backends/spdm-socket.c | 216 +++++++++++++++++++++++++++++++++++
> hw/nvme/ctrl.c | 53 +++++++++
> backends/Kconfig | 4 +
> backends/meson.build | 2 +
> 10 files changed, 458 insertions(+)
> create mode 100644 docs/specs/spdm.rst
> create mode 100644 include/sysemu/spdm-socket.h
> create mode 100644 backends/spdm-socket.c
>