SPDM announces the release of libspdm 3.5
Posted on Mon, 10/28/2024 - 10:42
The Security Protocols and Data Models (SPDM) Code Task Force announces its latest open source release of libspdm, version 3.5. It is conformant with DSP0274 1.0, 1.1, 1.2 and 1.3. It is now available for download. In addition, there are three notable changes:
- SPDM 1.3 GET_KEY_PAIR_INFO
- SPDM 1.3 SET_KEY_PAIR_INFO
- SPDM 1.3 SUBSCRIBE_EVENT_TYPE
- Support PCIE DOE discovery version 2
- Setup nightly Coverity scanning and fix some issues, such as Dead code after loop, Out-of-bounds array read, unused value
The SPDM and secured message libraries follow:
- DSP0274 SPDM Specification (version 1.0.2, version 1.1.3, version 1.2.2 and version 1.3.1)
- DSP0277 Secured Messages using SPDM Specification (version 1.1.0, version 1.2.0)
- DSP0275 SPDM over MCTP Binding Specification (version 1.0.2)
- DSP0276 Secured Messages using SPDM over MCTP Binding Specification (version 1.1.1)
You can find all of this in the group’s readme here. In addition, details such as SPDM supported commands, cryptographic algorithm support, design, threat model, and users guide can be found in the readme in the repository.
Protocols defined by SPDM can be used for a wide range of security functionalities including authentication of hardware/firmware identities, delivering measurements, performing attestation, and establishing session keys for secure communication channels.
In addition to the core library, libspdm enables spdm-emu, which contains a full SPDM Requester and Responder; spdm-dump, which can parse SPDM messages; and the SPDM Responder Validator, which is still under development but can be used to test an SPDM Responder implementation for its conformance to the SPDM specification.