SPDM Update
Brett Henning, Broadcom Inc., Co-chair SPDM Working Group
Jeff Hilland, HPE Labs, DMTF President, Co-chair SPDM Working Group
SECURITY

Disclaimer
The information in this presentation represents a snapshot of work in progress within the DMTF SPDM WG. This information is subject to change without notice. The standard specifications remain the normative reference for all information. For additional information, see the DMTF website.
This information is a summary of the information that will appear in the specifications. See the specifications for further details.

Alliance Partners and Adopters

Why Platform Security

SPDM's Overall Goals
All SPDM features fall into at least one of these main goals:
- Device Attestation and Authentication
- Secure Communication over any transport

Device Attestation and Authentication
- The ability to attest various aspects of a device such as firmware integrity and device identity
- Support latest cryptography standards
  - Especially post quantum crypto (PQC) algorithms, such as ML-DSA, ML-KEM, and SLH-DSA

Secure Communication over any Transport
- Provide the ability to secure communication of any data or management traffic over any transport
- Work with industry partners to ensure data in-flight is secure for all parts of the infrastructure (e.g., storage, network fabrics, etc.)

PQC support in algorithm negotiation, certificates, and key pair information messages
- ML-KEM (FIPS 203), ML-DSA (FIPS 204), SLH-DSA (FIPS 205)

Certificate slot management
- Defines "banks" of certificate slots, for managing certificates of different signing algorithms.
- A bank contains up to 8 slots of certificates of the same signing algorithm.
- A device may support multiple signing algorithms, hence multiple banks.

Miscellaneous:
- Added SET_KEY_PAIR_RESET_CAP
- Added salt length requirement for R