On Tue, 17 Oct 2023 15:21:54 +1000 Alistair Francis <alistai...@gmail.com> wrote:
> From: Huai-Cheng Kuo <hch...@avery-design.com.tw>
>
> SPDM enables authentication, attestation and key exchange to assist in
> providing infrastructure security enablement. It's a standard published
> by the DMTF [1].
>
> SPDM supports multiple transports, including PCIe DOE and MCTP.
> This patch adds support to QEMU to connect to an external SPDM
> instance.
>
> SPDM support can be added to any QEMU device by exposing a
> TCP socket to a SPDM server. The server can then implement the SPDM
> decoding/encoding support, generally using libspdm [2].
>
> This is similar to how the current TPM implementation works and means
> that the heavy lifting of setting up certificate chains, capabilities,
> measurements and complex crypto can be done outside QEMU by a well
> supported and tested library.
>
> 1: https://www.dmtf.org/standards/SPDM
> 2: https://github.com/DMTF/libspdm
>
> Signed-off-by: Huai-Cheng Kuo <hch...@avery-design.com.tw>
> Signed-off-by: Chris Browy <cbr...@avery-design.com>
> Co-developed-by: Jonathan Cameron <jonathan.came...@huawei.com>
> Signed-off-by: Jonathan Cameron <jonathan.came...@huawei.com>
> [ Changes by WM
>  - Bug fixes from testing
> ]
> Signed-off-by: Wilfred Mallawa <wilfred.mall...@wdc.com>
> [ Changes by AF:
>  - Convert to be more QEMU-ified
>  - Move to backends as it isn't PCIe specific
> ]
> Signed-off-by: Alistair Francis <alistair.fran...@wdc.com>

LGTM. Will be interesting to see how this evolves as we put more
requirements on it.

Given I already signed off, I won't give another tag as that would
be extremely confusing.