Security Protocol and Data Model (SPDM) is a standard published by the Distributed Management Task Force (DMTF) organization Platform Management Components Intercommunication (PMCI) working group. SPDM’s vision is to resolve the long-lasting problem of compatible secure communication solution between two endpoints of embedded systems. Protocols defined by SPDM can be used for a wide range of security functionalities including authentication of hardware/firmware identities, delivering measurements, performing attestation, and establishing session keys for secure communication channels.

This presentation introduces OpenSPDM, an open-source sample implementation which implements an SPDM requester utility to validate a vendor’s responder implementation. The talk covers SPDM 1.0 device authentication and firmware measurement collection, and SPDM 1.1 session creation for data communication protection.

The audience will learn the main components of the SPDM protocol. A firmware solution builder will learn how to implement a SPDM requester to perform device authentication/attestation and create a secured session with a target device. A device builder will learn how to implement a SPDM responder for authentication/measurement requests and create a secured session to protect communications.