bmcweb ComponentIntegrity routes for SPDM attestation
Ed Tanous
ed at tanous.net
Tue Mar 31 07:22:10 AEDT 2026
On Sun, Mar 29, 2026 at 2:19 PM Gary Beihl <garybeihl at microsoft.com> wrote:
>
> Hello everyone,
>
>
>
> I have been looking at SPDM attestation end-to-end testing using Renode and have a working bmcweb implementation of the Redfish ComponentIntegrity routes that consumes the D-Bus interfaces already merged in phosphor-dbus-interfaces [1]. I noticed that the previous bmcweb WIP for ComponentIntegrity was auto-abandoned [2] and there does not appear to be an active effort to implement these routes upstream.
>
>
>
> The routes are designed to complement the spdmd D-Bus backend work currently in review [3][4], providing the Redfish frontend needed to complete the attestation stack described in the design document [5].
>
>
>
> I wanted to check whether anyone is already working on bmcweb routes downstream before submitting to Gerrit. If not, I am happy to contribute and collaborate on getting this piece upstream.
>
>
>
> References:
>
> 1. https://github.com/openbmc/phosphor-dbus-interfaces/tree/master/yaml/xyz/openbmc_project/Attestation
>
> 2. https://gerrit.openbmc.org/c/openbmc/bmcweb/+/61702
I wrote this patch in about 25 minutes while sitting in a meeting
discussing how difficult the SPDM/ComponentIntegrity feature would be
to build. If you want to take it over, feel free. If you have
updates, please send them to Gerrit, and I will be happy to review. I
don't know anyone who has continued the component integrity work on
Redfish, so the engineering work is likely yours if you want to take
it on.
>
> 3. https://gerrit.openbmc.org/c/openbmc/spdm/+/80272
>
> 4. https://gerrit.openbmc.org/c/openbmc/spdm/+/80274
>
> 5. https://github.com/openbmc/docs/blob/master/designs/redfish-spdm-attestation.md
>
>
>
> Looking forward to your thoughts,
>
>
>
> Gary Beihl
>
> Firmware Engineering
>
> Microsoft Corporation
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
More information about the openbmc
mailing list