DMTF Shares Industry Support for Its Platform Security Standards
PORTLAND, Ore. – January 11, 2022 – DMTF today announced that its Security Protocol and Data Model (SPDM) specifications have garnered industry support and are actively helping to solve customer and end user concerns with a standardized platform security protocol. Developed by the Security Task Force within the Platform Management Communications Infrastructure Working Group, DMTF has created the platform security protocol and when implemented properly, SPDM helps ensure a complete chain of trust for the platform.
“Platform security is becoming increasingly important and as platform firmware components have become a new area for attacks, DMTF has developed SPDM to address these challenges,” said Jeff Hilland, president of DMTF.
SPDM defines messages, data objects, and sequences for performing message exchanges between components over a variety of transport and physical media. The description of message exchanges includes authentication of hardware identities, measurement for firmware identities and settings, and session key exchange protocols to enable confidentiality and integrity protected data communication. SPDM enables efficient access to low-level security capabilities and operations.
By using SPDM, management traffic inside the box over MCTP can be encrypted allowing management data inside the platform to be encrypted, like TLS/HTTPS encrypts your traffic over the Internet.
Additionally, SPDM is leveraged by other industry specifications to create a common security framework. SPDM incorporates input from CXL Consortium, HDBaseT Alliance, MIPI Alliance, Open Compute Project, PCI-SIG®, Storage Networking Industry Association, and the Trusted Computing Group through the DMTF Alliance Partner process, to help align component authentication, confidentiality, and integrity objects across the industry. Other mechanisms, including both non-DMTF and DMTF-defined mechanisms, can use SPDM specifications.
Thus, SPDM is a critical standard that enables the encryption of data and management traffic in flight within any platform adopting these standards.
Several industry leaders are solving platform security concerns in a common way by utilizing DMTF’s SPDM standards.
“Platform, as well as device security, is a top priority for Broadcom and it is critical that we enable our SAS storage, PCIe switches, and Ethernet NIC adapters with an industry-leading standardized platform security protocol,” said Jas Tremblay, vice president and general manager, Data Center Solutions Group, Broadcom. “By utilizing DMTF’s SPDM standards, we can provide our customers with attestation and secure boot features for enhanced device authentication and security.”
“Cisco is deeply committed to security designed into its platforms and services. As attacks have evolved to become more sophisticated, comprehensive protection of all aspects of hardware & software platforms is essential. Cisco has implemented Security Protocol and Data Model (SPDM) to secure UCS products, to provide the hardware authenticity, firmware integrity and protection our customers require & expect. Cisco is committed to expanding the use of SPDM across its UCS portfolio,” said Bhaskar Jayakrishnan, Vice President, Cisco Cloud & Compute Engineering.
“Infrastructure platform security is an industry imperative and a key priority for our customers and Dell Technologies products. Our support for DMTF’s SPDM standards complements our approach to provide a standardized platform security protocol,” said Paul Perez, chief technology and innovation officer, Dell Technologies Infrastructure Solutions Group. “Dell EMC PowerEdge servers and our HCI platforms feature an enhanced cyber resilient architecture enabled by our iDRAC platform root of trust. Enabling SPDM creates a connection to bring in platform IO devices and extend this architecture.”
“DMTF’s SPDM is a key security capability in servers for authenticating and securely monitoring devices in an open standards-based approach,” said Krista Satterthwaite, vice president and general manager of Mainstream Compute at Hewlett Packard Enterprise. “HPE looks forward to supporting SPDM in our upcoming servers to extend device protection and detection for option cards. The enhancement builds on to HPE’s silicon root of trust technology, and by using HPE Integrated Lights-Out (iLO), allows customers to gain insights from attacks stemming from supply chain, physical or remote attempts.”
Mark Figley, IBM's Vice President of Modernization and Automation, stated that "IBM servers require the highest level of chain of trust and security, and DMTF's SPDM standard is a critical technology for the future of IBM's server platform security."
“Platform security is a top priority and by utilizing DMTF’s SPDM 1.2.0 standards we can provide additional benefits and value to our customers and end users by utilizing a standardized platform security protocol,” said Patty Kummrow, Vice President in the Network and Edge Group - Intel. “SPDM standards enable a chain of trust for the platform that the industry, customers and end users are demanding.”
“Platform security is an absolute imperative and by utilizing DMTF’s SPDM platform standards, we can provide additional benefits to our customers through a standardized platform security protocol,” said Anthony Corkell, VP, Chief Quality and Security Officer, Lenovo Infrastructure Solutions Group. “SPDM standard protocols enable security capabilities that help us meet the demands of Lenovo customers and the industry at large.”
“Security is non-negotiable and is a top business priority for Positivo Tecnologia. Security Protocol and Data Model specifications have several important and beneficial standards that allow companies to offer their customers high security levels,” said Fernando Tavares, Positivo Tecnologia Regulatory Engineering Specialist. “Those companies that implement the standards will be steps ahead in the market.”
“DMTF continues its industry leadership role with the development of the SPDM specifications,” said Arun Kalluri, General Manager, Software Products, Supermicro. “Supermicro welcomes this standardized approach as the right step forward to mitigate consumers’ security concerns and ensure a strong chain of trust for system platforms. Supermicro customers can trust it actively supports the leading security protocols, and we have a strong commitment to open standards on the widest product portfolio.”
To learn more about the PMCI Working Group and the platform management standards it defines, or to get involved in this work, please visit https://www.dmtf.org/standards/pmci. Detailed information on DMTF standards can be found at www.dmtf.org/standards. Those interested in supporting and joining DMTF’s efforts can learn more at www.dmtf.org/join.
DMTF, an industry standards organization, creates open manageability specifications spanning diverse emerging and traditional IT infrastructures including cloud, virtualization, network, servers, and storage. Member companies and alliance partners worldwide collaborate on standards including Redfish, SMBIOS, MCTP, PLDM, and more to improve the interoperable management of information technologies. Nationally and internationally recognized by ANSI and ISO, DMTF standards enable a more integrated and cost-effective approach to management through interoperable solutions. Simultaneous development of Open Source and Open Standards is made possible by DMTF, which has the support, tools, and infrastructure for efficient development and collaboration. For a complete list of our standards and initiatives, visit the Standards and Technologies section of the DMTF website.
DMTF is led by a diverse board of directors from Broadcom Inc.; Cisco; Dell Technologies; Hewlett Packard Enterprise; Intel Corporation; Lenovo; NetApp; Positivo Tecnologia S.A.; and Verizon.