Document Identifier: DSP0275

Date: 2019-09-21

Version: 0.95.0

Security Protocol and Data Model (SPDM) over MCTP Binding Specification

Information for Work-in-Progress version:

IMPORTANT: This document is not a standard. It does not necessarily reflect the views of the DMTF or its members. Because this document is a Work in Progress, this document may still change, perhaps profoundly and without notice. This document is available for public review and comment until superseded.

Provide any comments through the DMTF Feedback Portal: http://www.dmtf.org/standards/feedback

Supersedes: 0.9.0a

Document Class: Normative

Document Status: Work-in-Progress

Document Language: en-US

Document Confidentiality: DMTF Confidential

DMTF is a not-for-profit association of industry members dedicated to promoting enterprise and systems management and interoperability. Members and non-members may reproduce DMTF specifications and documents, provided that correct attribution is given. As DMTF specifications may be revised from time to time, the particular version and release date should always be noted.

Implementation of certain elements of this standard or proposed standard may be subject to third party patent rights, including provisional patent rights (herein "patent rights"). DMTF makes no representations to users of the standard as to the existence of such rights, and is not responsible to recognize, disclose, or identify any or all such third party patent right, owners or claimants, nor for any incomplete or inaccurate identification or disclosure of such rights, owners or claimants. DMTF shall have no liability to any party, in any manner or circumstance, under any legal theory whatsoever, for failure to recognize, disclose, or identify any such third party patent rights, or for such party's reliance on the standard or incorporation thereof in its product, protocols or testing procedures. DMTF shall have no liability to any party implementing such standard, whether such implementation is foreseeable or not, nor to any patent owner or claimant, and shall have no liability or responsibility for costs or losses incurred if a standard is withdrawn or modified after publication, and shall be indemnified and held harmless by any party implementing the standard from any and all claims of infringement by a patent owner for such implementations.

For information about patents held by third-parties which have notified the DMTF that, in their opinion, such patent may relate to or impact implementations of DMTF standards, visit http://www.dmtf.org/about/policies/disclosures.php.

This document's normative language is English. Translation into other languages is permitted.

Foreword

The Platform Management Components Intercommunications (PMCI) Working Group prepared the Security Protocol and Data Model (SPDM) over MCTP Binding Specification (DSP0275).

DMTF is a not-for-profit association of industry members dedicated to promoting enterprise and systems management and interoperability. For information about the DMTF, see https://www.dmtf.org.

Acknowledgments

The DMTF acknowledges the following individuals for their contributions to this document:

Editor:

  • Mahesh Natu — Intel Corporation

Contributors:

  • Richelle Ahlvers — Broadcom Inc.
  • Lee Ballard — Dell Technologies
  • Patrick Caporale — Lenovo
  • Yu-Yuan Chen — Intel Corporation
  • Nigel Edwards — Hewlett Packard Enterprise
  • Brett Henning — Broadcom Inc.
  • Jeff Hilland — Hewlett Packard Enterprise
  • Yuval Itkin — Mellanox Technologies
  • Theo Koulouris — Hewlett Packard Enterprise
  • Luis Luciani — Hewlett Packard Enterprise
  • Masoud Manoo — Lenovo
  • Edward Newman — Hewlett Packard Enterprise
  • Scott Phuong — Cisco Systems Inc.
  • Jeffrey Plank — Microchip
  • Viswanath Ponnuru — Dell Technologies
  • Hemal Shah — Broadcom Inc.

Abstract

SPDM is designed to be an effective interface and data model that enables efficient access to low-level security capabilities and operations.

SPDM over MCTP binding defines the format of SPDM messages transported over MCTP.

Document conventions

Typographical conventions

  • Document titles are marked in italics.
  • Important terms that are used for the first time are marked in italics.
  • ABNF rules are in a mono-spaced font.

ABNF usage conventions

Use ABNF to format definitions in this document, with the following deviation:

  • Interpret literal strings as case-sensitive Unicode characters rather than as case-insensitive US-ASCII characters, as in RFC5234.

See RFC5234.

Deprecated material

Deprecated material is not recommended for use in new development efforts.

Existing and new implementations may use this material but they shall move to the favored approach as soon as possible.

CIM service shall implement any deprecated elements as required by this document to achieve backwards compatibility.

Although CIM clients may use deprecated elements, they are directed to use the favored elements instead.

Deprecated material should contain references to:

  • The last published version that includes the deprecated material as normative material.
  • A description of the favored approach.

The following typographical convention indicates deprecated material:

DEPRECATED
Deprecated material appears here.
DEPRECATED

In places where this typographical convention cannot be used, such as in tables or figures, the DEPRECATED label is used alone.

Experimental material

Experimental material:

  • Has yet to receive sufficient review to satisfy the adoption requirements set forth by the DMTF.
  • Is included in this document as an aid to implementers who are interested in likely future developments.
  • May change as implementation experience is gained.

It is likely that an upcoming revision of the document will include experimental material. Until then, experimental material is purely informational.

The following typographical convention indicates experimental material:

EXPERIMENTAL
Experimental material appears here.
EXPERIMENTAL

In places where this typographical convention cannot be used, such as in tables or figures, the EXPERIMENTAL label is used alone.

1. Scope

This document defines the format of Security Protocol and Data Model (SPDM) over MCTP messages.

This document describes:

2. Normative references

The following referenced documents are indispensable for the application of this document. For dated or versioned references, only the edition cited (including any corrigenda or DMTF update versions) applies. For references without a date or version, the latest published edition of the referenced document (including any corrigenda or DMTF update versions) applies.

3. Terms and definitions

In this document, some terms have a specific meaning beyond the normal English meaning. Those terms are defined in this clause.

The terms "shall" ("required"), "shall not," "should" ("recommended"), "should not" ("not recommended"), "may," "need not" ("not required"), "can" and "cannot" in this document are to be interpreted as described in ISO/IEC Directives, Part 2, Clause 7. The terms in parentheses are alternatives for the preceding term, for use in exceptional cases when the preceding term cannot be used for linguistic reasons. Note that ISO/IEC Directives, Part 2, Clause 7 specifies additional alternatives. Occurrences of such additional alternatives shall be interpreted in their normal English meaning.

The terms "clause," "subclause," "paragraph," and "annex" in this document are to be interpreted as described in ISO/IEC Directives, Part 2, Clause 6.

The terms "normative" and "informative" in this document are to be interpreted as described in ISO/IEC Directives, Part 2, Clause 3. In this document, clauses, subclauses, or annexes labeled "(informative)" do not contain normative content. Notes and examples are always informative elements.

The terms defined in DSP0236, DSP0239, and DSP0274 apply to this document.

4. Symbols and abbreviated terms

The abbreviations defined in DSP0236, DSP0239, and DSP0274 apply to this document.

5. SPDM over MCTP binding

This specification defines how the Security Protocol and Data Model (SPDM) is transported over MCTP communications. SPDM is supported as a message type over MCTP. The SPDM over MCTP binding defines the format of SPDM messages transported over MCTP. DSP0274 defines the common fields for SPDM messages and their usage.

5.1. SPDM over MCTP message fields

Figure 1 shows the fields of an MCTP message body carrying an SPDM message.

Figure 1 — SPDM over MCTP message fields

Table 1 defines the fields for the SPDM over MCTP message.

Table 1: SPDM over MCTP message field descriptions

| Field name | Field size | Description |
|---|---|---|
| IC | One bit | Check bit = 0b. SPDM over MCTP messages do not include an overall message integrity check field. |
| Message type | Seven bits | SPDM = 0x05 (000_0101b). Indicates that the MCTP message contains an SPDM message. |
| SPDM message | Variable | DSP0274 defines the base SPDM message fields. |

5.2. Requestor and Responder Tracking

The Responder shall use the Source EID in the request message to track each SPDM Requestor. The Requestor shall use the Source EID in the response message to track each SPDM Responder.
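
Added example (not part of DSP0275 or of any DMTF code): a Responder-side receive check for the Table 1 fields, combined with the Source EID tracking required in 5.2. Placing IC in the most significant bit of the first body byte follows the MCTP base message layout in DSP0236; `spdm_peer`, `MAX_PEERS`, the function names and the sample bytes are assumptions, and `src_eid` is assumed to be handed up by the MCTP transport layer.

```c
#include <stddef.h>
#include <stdint.h>

#define MCTP_IC_MASK   0x80u /* IC bit: MSB of the first body byte (DSP0236 layout) */
#define MCTP_TYPE_MASK 0x7Fu /* Message type: the remaining seven bits */
#define MCTP_TYPE_SPDM 0x05u /* Table 1: SPDM = 0x05 */
#define MAX_PEERS      8     /* assumed table size */

enum spdm_rx { SPDM_RX_OK, SPDM_RX_SHORT, SPDM_RX_NOT_SPDM, SPDM_RX_IC_SET };

/* Hypothetical per-Requester state, keyed by MCTP Source EID (5.2). */
struct spdm_peer { uint8_t in_use, eid; uint32_t msgs_seen; };
static struct spdm_peer peers[MAX_PEERS];

/* Constructed sample message bodies (not taken from the specification). */
const uint8_t sample_ok[]     = { 0x05, 0x10, 0x84, 0x00, 0x00 };
const uint8_t sample_ic_set[] = { 0x85, 0x10, 0x84, 0x00, 0x00 };
const uint8_t sample_other[]  = { 0x01, 0x00 };

/* Validate the first body byte against Table 1. */
enum spdm_rx spdm_mctp_check(const uint8_t *body, size_t len)
{
    /* Assumed minimum: the type byte plus at least one SPDM byte. */
    if (body == NULL || len < 2) return SPDM_RX_SHORT;
    if ((body[0] & MCTP_TYPE_MASK) != MCTP_TYPE_SPDM) return SPDM_RX_NOT_SPDM;
    if (body[0] & MCTP_IC_MASK) return SPDM_RX_IC_SET; /* Table 1: IC = 0b */
    return SPDM_RX_OK;
}

/* Find or create the slot for this Source EID; NULL when the table is full. */
static struct spdm_peer *peer_for_eid(uint8_t eid)
{
    struct spdm_peer *slot = NULL;
    for (size_t i = 0; i < MAX_PEERS; i++) {
        if (peers[i].in_use && peers[i].eid == eid) return &peers[i];
        if (!peers[i].in_use && slot == NULL) slot = &peers[i];
    }
    if (slot != NULL) *slot = (struct spdm_peer){ .in_use = 1, .eid = eid };
    return slot;
}

/* Receive path: Requester state, or NULL if rejected. SPDM data is body + 1. */
struct spdm_peer *spdm_mctp_rx(uint8_t src_eid, const uint8_t *body, size_t len)
{
    if (spdm_mctp_check(body, len) != SPDM_RX_OK) return NULL;
    struct spdm_peer *p = peer_for_eid(src_eid);
    if (p != NULL) p->msgs_seen++;
    return p;
}
```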

6. ANNEX A (informative)

6.1. Change log

| Version | Date | Description |
|---|---|---|
| 0.9.0 | 2019-05-08 | Work-in-progress release. |
