DMTF’s SPDM Code Task Force recently announced its latest open source releases of libspdm, versions 2.3 and 3.0. These releases are conformant to DSP0274 1.0.1, 1.1.2, and 1.2.1 and DSP0277 1.1.0, and are now available for download.  

The SPDM and secured message libraries follow:

•    DSP0274 Security Protocol and Data Model (SPDM) Specification (version 1.0.1, version 1.1.2 and version 1.2.1)

•    DSP0277 Secured Messages using SPDM Specification (version 1.1.0)

You can find all of this in the group’s readme here. In addition, details such as the SPDM supported commands, cryptographic algorithm support, design, threat model, and users guide can also be found in the readme in the repository.

Protocols defined by SPDM can be used for a wide range of security functionalities including authentication of hardware/firmware identities, delivering measurements, performing attestation, and establishing session keys for secure communication channels. 

In addition to the core library, libspdm enables spdm-emu, which contains a full SPDM Requester and Responder; spdm-dump, which can parse SPDM messages; and the SPDM Responder Validator, which is still under development but can be used to test an SPDM Responder implementation for its conformance to the SPDM specification.

For more information about libspdm, please visit https://github.com/DMTF/libspdm.