Speaker
Description
Security Protocols and Data Models (SPDM) is used for authentication, attestation and key exchange. SPDM is generally used over a range of transports, such as PCIe, MCTP/SMBus/I3C, ATA, SCSI, NVMe or TCP.
From the kernels perspective SPDM is used to authenticate and attest devices. In this threat model a device is considered untrusted until it can be verified by the kernel and userspace using SPDM. As such SPDM data is untrusted data that is possibly from a mallicious device. The SPDM specification is also complex, with the 1.2.1 spec being almost 200 pages and the 1.3.0 spec being almost 250 pages long.
As such we have the kernel parsing untrusted responses from a complex specification, which sounds like a possible exploit vector. This is the type of place where Rust excels!
Over the last few years there has been gradual momentum building for SPDM support in the kernel and an implementation written in Rust. This implementation is in charge of authenticating and attesting untrusted and potentially malicious devices in the kernel using Rust code. The kernel also needs to allow userspace to apply security policies and allow remote verifiers to verify the running system, even with a possible malicious kernel.
This talk is going to cover the current status of the SPDM Rust implementation, how and why we got here and then discuss next steps for getting it merged into mainline.
It's not even over once SPDM is supported in the kernel though, as there are a range of more complex features that need to be supported. We can also talk about future features and what they might look like, ensuring we don't step on any PCI TSM feet.