On Tue, 17 Oct 2023 15:21:54 +1000 Alistair Francis <[email protected]> wrote:
> From: Huai-Cheng Kuo <[email protected]>
>
> SPDM enables authentication, attestation and key exchange to assist in
> providing infrastructure security enablement. It's a standard published
> by the DMTF [1].
>
> SPDM supports multiple transports, including PCIe DOE and MCTP.
> This patch adds support to QEMU to connect to an external SPDM
> instance.
>
> SPDM support can be added to any QEMU device by exposing a
> TCP socket to a SPDM server. The server can then implement the SPDM
> decoding/encoding support, generally using libspdm [2].
>
> This is similar to how the current TPM implementation works and means
> that the heavy lifting of setting up certificate chains, capabilities,
> measurements and complex crypto can be done outside QEMU by a well
> supported and tested library.
>
> 1: https://www.dmtf.org/standards/SPDM
> 2: https://github.com/DMTF/libspdm
>
> Signed-off-by: Huai-Cheng Kuo <[email protected]>
> Signed-off-by: Chris Browy <[email protected]>
> Co-developed-by: Jonathan Cameron <[email protected]>
> Signed-off-by: Jonathan Cameron <[email protected]>
> [ Changes by WM
>  - Bug fixes from testing
> ]
> Signed-off-by: Wilfred Mallawa <[email protected]>
> [ Changes by AF:
>  - Convert to be more QEMU-ified
>  - Move to backends as it isn't PCIe specific
> ]
> Signed-off-by: Alistair Francis <[email protected]>

LGTM. Will be interesting to see how this evolves as we put more requirements on it. Given I already signed off, I won't give another tag as that would be extremely confusing.
