11.1 Security Protocol and Data Model (SPDM) Properties

The following figure shows the properties of Security Protocol and Data Model (SPDM) information and settings.

Click on Controller node in the Enterprise tree view, then click on Security tab to view the properties of Security Protocol and Data Model (SPDM).

The Security tab contains the following three panels:
  • Security Info
  • Settings and Status
  • Account Info

Security Protocol and Data Model (SPDM) properties are available in Security Info and Settings and Status panel.

The Security Info panel has Security Protocol and Data Model (SPDM) Info section that contains the following properties:
  • Version: Current version of the SPDM.
  • Endpoint ID: Endpoint ID of a peer device.
  • Authority Key ID: It is a field in the Security Protocol and Data Model (SPDM) specification that identifies the public key of the authority that issued a certificate.
  • Cryptographic Timeout Exponent: It is reported in microseconds in the capabilities message. The equation for cryptographic timeout (CT) is 2^CT microseconds.
  • Capabilities: Describes the capabilities of the Endpoint. Click on the info icon to see the capabilities supported. For more information, see SPDM specification.

Following are the Flag Fields as per SPDM specification:

  • Cache Negotiated State: Cache Negotiated State is a feature that allows the Responder to cache the state of a previously negotiated parameter during a previous SPDM session. This feature is used to optimize subsequent SPDM sessions by avoiding the need to renegotiate the same parameter.
  • Digests and Certificate: Digests and Certificate are used to ensure the integrity and authenticity of communication between the Requester and Responder. Digests are used in SPDM to compute a fixed-length hash value of a message or data. Certificates are used in SPDM to provide authentication and to ensure the integrity of communication between the Requester and Responder.
  • Challenge: A Challenge is a cryptographic mechanism used to authenticate the Requester and the Responder during the protocol initialization phase. The Challenge mechanism involves the exchange of challenge messages between the Requester and Responder, which are used to verify each other's identity and establish a shared secret for subsequent communication.
  • Measurements Fresh: Measurements Fresh feature requires the Responder to provide fresh platform measurements during each SPDM session. This feature is used to ensure that the platform measurements are up-to-date and were not tampered earlier.
  • Measurements With Signature: Measurements With Signature feature requires the Responder to sign the platform measurements before sending them to the Requester. This feature is used to ensure the integrity and authenticity of the measurements and to provide an additional layer of security to the SPDM protocol.
  • Measurements Without Signature: Measurements Without Signature feature allows the Requester to send a Measurement message to the Responder without requiring the Responder to sign the measurement data.
  • Derived Pre-Shared Key: Pre-Shared Key (PSK) is a type of cryptographic key that is shared in advance between two parties to secure their communication. A Derived Key in the context of SPDM is a cryptographic key that is derived from a shared secret using a key derivation function (KDF).
  • Single Pre-Shared Key (PSK): Pre-Shared Key (PSK) is a type of cryptographic key that is shared in advance between two parties to secure their communication. A Single Key refers to a cryptographic key that is used for both message encryption and message authentication.

For more information, see the Security Protocol and Data Model (SPDM) specification at https://www.dmtf.org/standards/spdm.