DMTF Releases Security Protocol and Data Model (SPDM) Architecture as Work in Progress

Posted on Thu, 05/09/2019 - 09:52

Edited on 9/27/2022: The development of the SPDM specification is now within the SPDM Working Group of DMTF. For more information about SPDM, please visit:

DMTF’s Platform Management Components Intercommunication (PMCI) Security Task Force has published a Work In Progress architecture presentation for two new upcoming specifications. 

The Security Protocol and Data Model (SPDM) Specification (DSP0274) provides message exchange, sequence diagrams, message formats, and other relevant semantics for authentication, firmware measurement, and certificate management. This specification for additional security defined by SPDM has a goal of aligning component authentication and integrity objects across the industry and is being designed to be referenced by other standards organizations.

The SPDM over MCTP Binding Specification (DSP0275) will contain the mapping of SPDM to MCTP message type 5 for usage within a Platform Management Subsystem that uses DMTF’s Management Component Transport Protocol (MCTP) for communication between individual components.

In this new architecture presentation, now available for download, details of the specification’s commands, sequence diagrams, and message formats are provided. Industry feedback on the latest architecture is encouraged through our website

The PMCI Security Task Force is part of the PMCI Working Group, which – in addition to MCTP – also develops the Network Controller Sideband Interface (NC-SI) and Platform Level Data Model (PLDM) specifications. These “inside the box” communication interfaces provide a comprehensive, common architecture for improved communication between management subsystem components.

DMTF members are encouraged to join the PMCI Working Group and help shape these expedited security deliverables by visiting the PMCI Working Group’s private workspace. Non-members who would like to join the DMTF to contribute can learn more here:

For more information about the PMCI Working Group and the platform management standards it defines, please visit