<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-2022-jp">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
</head>
<body lang="EN-US" link="#467886" vlink="#96607D" style="word-wrap:break-word">
<div class="WordSection1">
<p class="MsoNormal"><span style="font-size:11.0pt">Hello everyone,<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">Following up on my earlier ComponentIntegrity route email — I've completed end-to-end SPDM attestation testing using Renode (emulated AST2600 running a full OpenBMC image with spdmd + bmcweb). The Renode SpdmResponderDevice
functions as an SPDM 1.1/1.2 responder over MCTP-serial and the tests cover the full flow:<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">MCTP discovery &rarr; VCA &rarr; GET_DIGESTS &rarr; GET_CERTIFICATE &rarr; CHALLENGE &rarr; D-Bus property updates &rarr; Redfish ComponentIntegrity<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">I cherry-picked the MCTP transport series (80355, 80358, 80311, 80267, through 80359) and built against libspdm. The tests cover 14 scenarios including successful attestation, wrong-key rejection, unreachable
devices, multi-endpoint, SPDM 1.1-only devices, version mismatch, and mid-flow disconnects.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">To get these E2E tests passing, the following changes were needed on top of the current patchsets:<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">(a) Missing CHALLENGE step (affects 80359: spdmd.cpp) [Security]<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">The VCA flow does GET_VERSION &rarr; GET_CAPABILITIES &rarr; NEGOTIATE_ALGORITHMS &rarr; GET_DIGESTS &rarr; GET_CERTIFICATE, but stops before CHALLENGE. Without CHALLENGE, the responder never proves possession of its private key — a compromised certificate would pass attestation. Adding libspdm_challenge() after GET_CERTIFICATE completes the proof-of-possession
verification.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">(b) D-Bus path and version extraction (affects spdm_dbus_responder.cpp, spdmd.cpp)<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">ComponentIntegrity D-Bus path uses CamelCase: /xyz/openbmc_project/ComponentIntegrity/ but phosphor-dbus-interfaces and bmcweb expect snake_case: /xyz/openbmc_project/component_integrity/<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">Also, version extraction from connection_info.version needs SPDM_VERSION_NUMBER_SHIFT_BIT before extracting major/minor nibbles.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">(c) Shared AF_MCTP socket (affects 80311: mctp_helper.hpp)<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">Only one socket can bind to (MCTP_ADDR_ANY, MCTP_TYPE_SPDM). When spdmd attests multiple endpoints sequentially, the second MctpIoClass::createSocket() fails with EADDRINUSE. The fix is a process-lifetime
shared socket (singleton pattern), draining stale responses between endpoint attestations with recv(MSG_DONTWAIT).<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">Also needed: SO_RCVTIMEO on the socket so recvfrom() doesn't block forever when a device is unreachable or disconnects mid-flow.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">(d) Certificate verification callback (affects 80359: libspdm_mctp_transport.cpp)<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">libspdm_get_certificate() fails without a registered cert chain verification callback, and the current code doesn't register one. For initial bring-up, a trust-on-first-use callback that accepts any valid
chain works; production should verify against a provisioned trust anchor.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">Also needed in configureContext():<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> - Register all supported SPDM versions (1.0/1.1/1.2) to enable negotiation (current code sets only one version)<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> - Set requester capability flags (CERT_CAP | CHAL_CAP)<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"> - Register measurement hash algorithm<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">I'm happy to submit these as follow-up Gerrit changes on top of the series, or if preferred, I can provide the diffs to fold into the existing patchsets. The Renode E2E test suite (14 scenarios) is also available
if it would be useful for CI validation.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">The bmcweb ComponentIntegrity routes are up for review at [1] and consume these D-Bus interfaces.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">[1] <a href="https://gerrit.openbmc.org/c/openbmc/bmcweb/+/88828">
https://gerrit.openbmc.org/c/openbmc/bmcweb/+/88828</a><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">Best regards,<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">Gary Beihl<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">Firmware Engineering<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt">Microsoft Corporation<br>
<br>
<o:p></o:p></span></p>
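<p class="MsoNormal"><span style="font-size:11.0pt">Added example, not part of the original email and not code from the OpenBMC patch series: a sketch of the socket handling described in item (c), with one process-lifetime socket, SO_RCVTIMEO on receives, and a recv(MSG_DONTWAIT) drain between endpoints. The SharedSock, sharedSock and drainStale names are hypothetical, and an AF_UNIX datagram socketpair stands in for the AF_MCTP socket so the code runs on hosts without MCTP support.<o:p></o:p></span></p>

```cpp
// Added illustration, not OpenBMC code. An AF_UNIX datagram socketpair stands
// in for the single AF_MCTP socket so this runs on hosts without MCTP.
#include <cerrno>
#include <cstdio>
#include <sys/socket.h>
#include <sys/time.h>

// Hypothetical holder for the one socket the process keeps for its lifetime.
struct SharedSock {
    int fd;    // requester side: every endpoint attestation reuses it
    int peer;  // test stand-in for responders (absent with real AF_MCTP)
};

// Created on first call only; later calls return the same socket, so there is
// no second bind() that could fail with EADDRINUSE.
SharedSock& sharedSock(long timeoutMs = 200) {
    static SharedSock s = [timeoutMs] {
        SharedSock n{-1, -1};
        int sv[2];
        if (socketpair(AF_UNIX, SOCK_DGRAM, 0, sv) != 0) return n;
        timeval tv{};
        tv.tv_sec = timeoutMs / 1000;
        tv.tv_usec = (timeoutMs % 1000) * 1000;
        // Bound blocking receives so an unreachable device cannot hang spdmd.
        if (setsockopt(sv[0], SOL_SOCKET, SO_RCVTIMEO, &tv, sizeof(tv)) == 0)
            n = SharedSock{sv[0], sv[1]};
        return n;
    }();
    return s;
}

// Drop replies left queued by the previous endpoint. MSG_DONTWAIT returns at
// once when the queue is empty. Returns the number of datagrams discarded.
int drainStale(int fd, int maxFrames = 64) {
    unsigned char buf[4096];
    int dropped = 0;
    while (dropped < maxFrames && recv(fd, buf, sizeof(buf), MSG_DONTWAIT) >= 0)
        ++dropped;
    return dropped;
}

int main() {
    SharedSock& s = sharedSock();
    const unsigned char late[] = {0x05, 0x11, 0x03};  // constructed bytes
    send(s.peer, late, sizeof(late), 0);  // late reply from endpoint A
    unsigned char buf[64];
    int dropped = drainStale(s.fd);
    bool timedOut = recv(s.fd, buf, sizeof(buf), 0) < 0 && errno == EAGAIN;
    std::printf("stale dropped: %d, silent endpoint timed out: %d\n", dropped, timedOut);
}
```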
</div>
</body>
</html>