DMTF Releases Security Specification 1.3

Posted on Thu, 05/18/2023 - 08:46

DMTF announces the public release of its Security Protocol and Data Model (SPDM) Specification 1.3.0, which is now available for download. This specification, developed by DMTF's Security Protocol and Data Models Working Group, continues to incorporate the input of the organization's Alliance Partners to help align component authentication, confidentiality, and integrity objectives across the industry.

The SPDM Specification (DSP0274) defines the message exchanges, sequence diagrams, message formats, and related semantics for the authentication, firmware measurement, certificate retrieval, and session key exchange protocols. Together these enable confidentiality- and integrity-protected communication, that is, encrypted and authenticated data in flight.

The new features in SPDM 1.3 are:

  • Eventing - Either side of an SPDM communication can now notify the other side about changes to its state or to the session.
  • Multi-key support - Earlier SPDM versions used a single private key for everything. Different keys can now be used for different use cases, which strengthens the security of the protocol.
  • Measurements - There are three changes to note. Measurements now have a standardized format, a log records changes (the Measurement Extension Log, or MEL), and a Hash Extended Measurement (HEM) lets the user know what the next measurement value will be before it changes.
  • Endpoint information - Generic information about the endpoint is now retrievable. In a BMC environment the user can reach FRU data, but on the data plane it is important to know what you are talking to before you start securing it, since your policy may change accordingly.
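As an added illustration of the measurement-log idea behind MEL and HEM (this is not DMTF's code and does not follow the DSP0274 wire format), the snippet below models an append-only log whose running accumulator is hash-extended with each new entry, so a verifier can replay the log, detect tampering or reordering, and compute the accumulator a pending entry would produce before it is applied. SHA-256, a 32-byte all-zero starting value and the extend rule H(prev || H(entry)) are assumptions chosen for the example.

```python
import hashlib

# Constructed model of a Measurement Extension Log (MEL) with a
# Hash Extended Measurement (HEM) style accumulator. The hash, the
# zero start value and the extend rule are assumptions for this example.
HASH = hashlib.sha256
INITIAL_HEM = bytes(HASH().digest_size)


def extend(accumulator: bytes, entry: bytes) -> bytes:
    """Fold one log entry into the accumulator: H(prev || H(entry))."""
    return HASH(accumulator + HASH(entry).digest()).digest()


class MeasurementLog:
    """Append-only log; the accumulator summarises every entry in order."""

    def __init__(self) -> None:
        self.entries: list[bytes] = []
        self.hem: bytes = INITIAL_HEM

    def append(self, entry: bytes) -> bytes:
        """Record a new measurement event and return the updated accumulator."""
        self.entries.append(entry)
        self.hem = extend(self.hem, entry)
        return self.hem

    def predict(self, entry: bytes) -> bytes:
        """Accumulator value a pending entry would yield, without applying it."""
        return extend(self.hem, entry)


def replay(entries: list[bytes]) -> bytes:
    """Recompute the accumulator from a log copy, as a verifier would."""
    accumulator = INITIAL_HEM
    for entry in entries:
        accumulator = extend(accumulator, entry)
    return accumulator


def verify(entries: list[bytes], reported_hem: bytes) -> bool:
    """True only if the reported accumulator matches the replayed log."""
    return replay(entries) == reported_hem


if __name__ == "__main__":
    log = MeasurementLog()
    log.append(b"constructed: boot-loader v1")
    log.append(b"constructed: kernel v5")
    print("log consistent:", verify(log.entries, log.hem))
```

Any edit, omission or reordering of the replayed entries changes the recomputed accumulator, which is how the verifier spots a log that no longer matches the reported value.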

Other specifications define the mapping of these messages to different transports and physical media. SPDM enables efficient access to low-level security capabilities and operations.

For more information about the SPDM Working Group please visit https://www.dmtf.org/standards/spdm.