SPDM Security Protocols and Data Models Working Group

Working Group Chair(s)

  • Jeff Hilland, HPE Inc.
  • Brett Henning, Broadcom Inc.

Working Group Description

The DMTF’s Security Protocols and Data Models (SPDM) Working group is responsible for the SPDM standard. This standard enables authentication, attestation and key exchange to assist in providing infrastructure security enablement. Other messages that extend functionality of SPDM as well as the development of other standards that enable and enhance infrastructure security are also developed by the SPDM WG.

The SPDM Specification (DSP0274) is designed to be enabled over a variety of media and thus can be referenced by other standards organizations and developers. SPDM incorporates the input of these external organizations, through the DMTF Alliance Partner process, to help align component authentication, confidentiality, and integrity objects across the industry.

The Security Protocol and Data Model over MCTP Binding Specification (DSP0275) & Secured Messages using SPDM over MCTP Binding Specification (DSP0276) fall under the purview of DMTF’s PMCI WG. They are published on this page as a courtesy as the PMCI WG and SPDM WG work cooperatively to maintain the specifications.

Get Involved

  • Technical work on SPDM standards takes place in the Security Protocols & and Data Models Working Group.
  • DMTF members are encouraged to contribute and access the work of the SPDM Working Group via its private, members-only workspace. Non-members, learn more and join DMTF to participate. 
  • DMTF welcomes feedback on our standards, but requires that individuals submitting comments first agree to our DMTF Feedback Policy.

 

Upcoming Workgroup Deliverables

DMTF Standard
Publication Identifier
Document TitleTarget VersionTarget Release Date
DSP0274Security Protocol & Data Model (SPDM) Specification1.4.02025Q2
DSP0277Secured Messages using SPDM Specification1.3.02025Q1
DSP0277Secured Messages using SPDM Specification2.0.02025Q1
DSP0286SPDM to Storage Binding Specification1.0.02024Q4
DSP0287SPDM over TCP Binding Specification1.0.0Published
DSP0289SPDM Authorization Specification1.0.02024Q3
 DSP2058SPDM White Paper 1.4.02025Q2

DMTF Specifications

DSP # Version Title Date Comments Versions
DSP0287 1.0.0 SPDM over TCP Binding Specification 3 Sep 2024 Standard View
DSP0277 1.2.0 Secured Messages using SPDM Specification 10 Jun 2024 Standard View
DSP0276 1.2.0 Secured Messages using SPDM over MCTP Binding Specification 3 Sep 2024 Standard View
DSP0275 1.0.2 Security Protocol and Data Model (SPDM) over MCTP Binding Specification 25 Oct 2023 Standard View
DSP0274 1.3.2 Security Protocol and Data Model (SPDM) Specification 23 Sep 2024 Standard View

Open Source

Latest Version Title Date Comments Versions
Download 3.4.0 spdm-dump 12 Jul 2024 View
Download 3.4.0 spdm-emu 12 Jul 2024 View
Download 3.4.0 libspdm 12 Jul 2024 View

Work in Progress Documents

DSP # Version Title Date Comments Versions
DSP0274 1.4.0WIP70 Security Protocol and Data Model (SPDM) Specification 13 Dec 2024 Work-in-Progress View
DSP0289 1.0.0WIP80 Authorization Specification 11 Oct 2024 Work-in-Progress View
DSP0286 1.0.0WIP90 SPDM to Storage Binding Specification 26 Aug 2024 Work-in-Progress View
DSP-IS0023 1.0.0WIP50 SPDM Conformance Test Suite Guidance 11 Jul 2022 Work-in-Progress View

White Papers and Technical Notes

DSP # Version Title Date Comments Versions
Tech Note 2024 DMTF SPDM Tech Note 2 Feb 2024 Informational View
DSP2058 1.3.0 Security Protocol and Data Model (SPDM) Architecture White Paper 17 Jun 2024 Informational View

Open Source Projects using DMTF SPDM Technologies

DMTF technologies are leveraged in numerous third-party open source projects. If you are aware of any additional projects using DMTF technologies that are not included below, please contact us so we can add them to the list.
Open Source Project Description of Tool
libspdm

libspdm is a sample implementation that follows the DMTF SPDM specifications. This is a DMTF-led effort.

SPDM Responder Validator

The SPDM Responder Validator tests the protocol behavior of an SPDM Responder device to validate that it conforms to the SPDM specification. This is a DMTF-led effort.