Skip to content

Addressing Note on Attestation of System Components #89

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
fdamato wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Addressing Note on Attestation of System Components #89

fdamato wants to merge 1 commit into from
+90 −61

Conversation

@fdamato
Copy link
Collaborator

@fdamato fdamato commented Jan 16, 2026

No description provided.

@fdamato
Addressing Note on Attestation of System Components
b21693f 
Signed-off-by: Fabrizio Damato <fabrizio.damato@amd.com>
@fdamato fdamato force-pushed the fadamato/attestation_of_system_components_updates branch from e479229 to b21693f Compare January 16, 2026 00:08
fdamato
fdamato commented Jan 16, 2026
View reviewed changes
Copy link
Collaborator Author

@fdamato fdamato left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is just a first pass. I added few comments on the notes

specifications/attestation-of-system-components/spec.ocp
- *Platforms **MAY** use the message formats for GET\_CAPABILITIES and NEGOTIATE\_ALGORITHMS as described in* [Security Protocol and Data Model (SPDM) Specification](https://www.dmtf.org/sites/default/files/standards/documents/DSP0274_1.0.0.pdf) or *Device Capabilities* *as described in [Project Cerberus Firmware Challenge Specification](https://github.com/opencomputeproject/Project_Olympus/blob/master/Project_Cerberus/Project%20Cerberus%20Challenge%20Protocol.pdf) .* *Where necessary, bridge components may be responsible for translating from the native bus protocol into the GET\_CAPABILITIES/ NEGOTIATE\_ALGORITHMS message formats.*
- *Platforms **MAY** use the message formats for GET\_CAPABILITIES and NEGOTIATE\_ALGORITHMS as described in* [Security Protocol and Data Model (SPDM) Specification](https://www.dmtf.org/sites/default/files/standards/documents/DSP0274_1.0.0.pdf).

***NOTE from Bryan Kelly: "Replace Cerberus with GET_EAT"***
Copy link
Collaborator Author

@fdamato fdamato Jan 16, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Addressed below:

Attester devices MUST provide attestation evidence using one of the following methods:

   - GET_EAT command returning an Entity Attestation Token (EAT) conforming to the OCP EAT Profile, OR
   - GET_MEASUREMENTS command with the EAT located at SPDM Measurement Block 0xFD

specifications/attestation-of-system-components/spec.ocp
guidelines in this section. The OCP SPDM Profile requires support for the following
algorithms:

***NOTE from Jeremy O'Donoghue: "I would prefer to see the requirements on interoperability moved to the verifier - it generally has lower security requirements than RoT and a more performance compute environment. For example: attester must support TPM_ALG_ECDSA_NIST_P384, TPM_ALG_SHA384, AES-256-GCM, TPM_ALG_MLDSA_65 (assuming that's what TCG eventually calls the algorithm). Verifier MAY support other algorithms."***
Copy link
Collaborator Author

@fdamato fdamato Jan 16, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Addressed below. Attesters have only to support

Tier 1: Mandatory Baseline Algorithms

specifications/attestation-of-system-components/spec.ocp

### Required Capabilities for SPDM

***NOTE from Bryan Kelly: "Do we need MEAS_CAP if we have GET_EAT support?"***
Copy link
Collaborator Author

@fdamato fdamato Jan 16, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

GET_MEASUREMENTS at slot 0xFD can also return a EAT, using a SPDM 1st class command. I left support for both GET_MEASUREMENTS and GET_EAT, if that works

bluegate010
bluegate010 reviewed Jan 16, 2026
View reviewed changes
specifications/attestation-of-system-components/spec.ocp
| MEAS_FRESH_CAP | 0 (may return cached measurements) |
| CHUNK_CAP | Supports CHUNK_SEND/CHUNK_GET |
| MEAS_CAP | Supports MEASUREMENTS and should support signed MEASUREMENTS (SPDM MEAS_CAP = 10b). |
| MEAS_FRESH_CAP | 0 (may return cached measurements) or 1 if EAT freshness is required |
Copy link
Collaborator

@bluegate010 bluegate010 Jan 16, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think we still want 0 here. 1 means: "The Responder shall support recomputing all MEASUREMENTS without requiring a Reset". Even if EAT freshness is needed, 1 is an anti-pattern. the measurements should not be recomputed.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@bluegate010 bluegate010 bluegate010 left review comments

@steven-bellock steven-bellock Awaiting requested review from steven-bellock

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@fdamato @bluegate010