Session
FOSDEM Schedule 2021
Open Source Firmware, BMC and Bootloader

Using OpenSPDM in Firmware as a Foundation for Secure Device Communication

Security Protocol and Data Model (SPDM) is a standard published by the Platform Management Components Intercommunication (PMCI) working group of the Distributed Management Task Force (DMTF). SPDM's vision is to resolve the long-standing problem of a compatible secure communication solution between two endpoints of embedded systems. Protocols defined by SPDM can be used for a wide range of security functions, including authenticating hardware/firmware identities, delivering measurements, performing attestation, and establishing session keys for secure communication channels. This presentation introduces OpenSPDM, an open-source sample implementation that includes an SPDM requester utility for validating a vendor's responder implementation. The talk covers SPDM 1.0 device authentication and firmware measurement collection, and SPDM 1.1 session creation for data communication protection. The audience will learn the main components of the SPDM protocol. A firmware solution builder will learn how to implement an SPDM requester to perform device authentication/attestation and create a secured session with a target device. A device builder will learn how to implement an SPDM responder for authentication/measurement requests and create a secured session to protect communications.

Additional information

Type: devroom

More sessions

2/6/21
Open Source Firmware, BMC and Bootloader
D.firmware
This is the continuation of the "Status of AMD platform in coreboot" talk presented last year in the Open Source Firmware, BMC and Bootloader devroom. The talk will cover the news around AMD support in the Open Source Firmware ecosystem from the past year. You will hear, among others, about: FSF RYF KGPE-D16 platform revival, AMD Ryzen R1000/V1000 series AGESA integration into open source TianoCore EDK2, TrenchBoot new features and updates and current support of AMD Picasso and Cezanne SoCs in ...
2/6/21
Open Source Firmware, BMC and Bootloader
D.firmware
OpenBMC is an Open Source Software project started in an effort to create secure, scalable, open source firmware code for BMCs. Apart from the usual benefits arising from its Open Source nature, OpenBMC brings additional advantages like a.) a state-of-the-art build system based on Yocto - an embedded Linux distribution - which simplifies the process of building customized Linux, b.) a robust manageability framework based on Redfish (4 pillars - REST, JSON, HTTPS, ODATAv4), c.) Superior ...
2/6/21
Open Source Firmware, BMC and Bootloader
D.firmware
During that presentation I will run a quick demo of the OSFCI infrastructure, which is developed by HPE to validate and build an Open Source Firmware stack on Proliant servers. I will give an overview of how the code works, how to get involved, and how to scale the platform. This project is available on GitHub: https://github.com/hewlettpackard/osfci
2/6/21
Open Source Firmware, BMC and Bootloader
D.firmware
With the advancement of open source firmware projects, we need a reliable quality assurance process to automate firmware-level testing. In this talk I'd like to show how we built up an ecosystem for open-source firmware testing and show by example how we integrated one project into that ecosystem. This talk aims to give a status update on what was shown at OSFC2020, and also to encourage people to get involved and participate in open-source firmware testing. All code shown is open-source ...
2/6/21
Open Source Firmware, BMC and Bootloader
D.firmware
RISC-V is a relatively new ISA and platform, which has been evolving rapidly. A few Linux distributions already have good support and have compiled most of their packages for it. The boot process has been neglected and only recently did everyone start using the widely used embedded bootloader U-Boot instead of a custom research bootloader. We have ported the EDK2 reference implementation of UEFI to make the boot process more like current desktops and servers. This talk explains how we did that, ...
2/6/21
Open Source Firmware, BMC and Bootloader
D.firmware
Utilizing secure boot should be simple. Our current tooling is badly integrated, abstractions leak, and the code bases are not reusable. Functionality is spread between several projects and not one covers all your needs. This amounts to a confusing landscape. sbctl and go-uefi are a tool and a low-level UEFI library that attempt to push the secure boot landscape forward.
2/6/21
Open Source Firmware, BMC and Bootloader
D.firmware
There is existing work in the public space on how to correctly construct a DRTM launch, but not an equivalent amount on how to maintain the integrity of the DRTM launch over the lifecycle of a system. A specific area of concern is how to correctly construct a secure upgrade for the DRTM launch that minimizes the risk of the process being corrupted. There are a few challenges that must be overcome and in this presentation these will be covered along with a novel approach that will ...