Using SPDM in UEFI for Device Attestation

Security Protocol and Data Model (SPDM) is a DMTF defined industry standard for device authentication, provisioning, measurement collection, and secure communication. The UEFI specification 2.10 release describes how to perform device authentication in UEFI firmware. The TCG Platform Firmware Profile (PFP) Specification 1.06 release describes how to leverage SPDM to collect device measurements in the pre-boot phase. In this talk, we will introduce SPDM and how to apply it in EDKII firmware to support the mechanisms defined in UEFI 2.10 and TCG PFP 1.06. In addition, we will review a Microsoft Surface use case on making use of SPDM to interact with a Solid State Disk (SSD) device.