DMTF today announced that its Security Protocol and Data Model (SPDM) specifications have garnered industry support and are actively helping to solve customer and end user concerns with a standardized platform security protocol. Developed by the Security Task Force within the Platform Management Communications Infrastructure Working Group, DMTF has created the platform security protocol and when implemented properly, SPDM helps ensure a complete chain of trust for the platform. 

“Platform security is becoming increasingly important and as platform firmware components have become a new area for attacks, DMTF has developed SPDM to address these challenges,” said Jeff Hilland, president of DMTF.

SPDM defines messages, data objects, and sequences for performing message exchanges between components over a variety of transport and physical media. The description of message exchanges includes authentication of hardware identities, measurement for firmware identities and settings, and session key exchange protocols to enable confidentiality and integrity protected data communication. SPDM enables efficient access to low-level security capabilities and operations. 

By using SPDM, management traffic inside the box over MCTP can be encrypted allowing management data inside the platform to be encrypted, like TLS/HTTPS encrypts your traffic over the Internet.

Additionally, SPDM is leveraged by other industry specifications to create a common security framework. SPDM incorporates input from CXL Consortium, HDBaseT Alliance, MIPI Alliance, Open Compute Project, PCI-SIG®, Storage Networking Industry Association, and the Trusted Computing Group through the DMTF Alliance Partner process, to help align component authentication, confidentiality, and integrity objects across the industry. Other mechanisms, including both non-DMTF and DMTF-defined mechanisms, can use the SPDM specifications. 

Several key industry leaders are solving end user concerns in a common way by utilizing DMTF standards. Click here to read the entire press release and industry support.