Date: Thu, 12 Oct 2023 16:09:33 +0100
From: Jonathan Cameron
To: Lukas Wunner
CC: Alistair Francis, kvm@vger.kernel.org, linux-coco@lists.linux.dev, Wilfred Mallawa, graf@amazon.com, linux-cxl@vger.kernel.org, davem@davemloft.net, ming4.li@intel.com, herbert@gondor.apana.org.au, helgaas@kernel.org, alex.williamson@redhat.com, seanjc@google.com, zhi.a.wang@intel.com, dwmw2@infradead.org, dave.jiang@intel.com, linux-crypto@vger.kernel.org, thomas.lendacky@amd.com, keyrings@vger.kernel.org, aik@amd.com, david.e.box@intel.com, linuxarm@huawei.com, linux-pci@vger.kernel.org, dhowells@redhat.com, dan.j.williams@intel.com
Subject: Re: [PATCH 07/12] spdm: Introduce library to authenticate devices
Organization: Huawei Technologies Research and Development (UK) Ltd.

On Thu, 12 Oct 2023 09:16:29 +0200
Lukas Wunner wrote:

> On Thu, Oct 12, 2023 at 03:26:44AM +0000, Alistair Francis wrote:
> > On Tue, 2023-10-03 at 15:39 +0100, Jonathan Cameron wrote:
> > > On Thu, 28 Sep 2023 19:32:37 +0200 Lukas Wunner wrote:
> > > > This implementation supports SPDM 1.0 through 1.3 (the latest
> > > > version).
> > >
> > > I've no strong objection in allowing 1.0, but I think we do need
> > > to control min version accepted somehow as I'm not that keen to get
> > > security folk analyzing old version...
> >
> > Agreed. I'm not sure we even need to support 1.0
>
> According to PCIe r6.1 page 115 ("Reference Documents"):
>
> "CMA requires SPDM Version 1.0 or above. IDE requires SPDM Version 1.1
> or above. TDISP requires version 1.2 or above."
>
> This could be interpreted as SPDM 1.0 support being mandatory to be
> spec-compliant. Even if we drop support for 1.0 from the initial
> bringup patches, someone could later come along and propose a patch
> to re-add it on the grounds of the above-quoted spec section.
> So I think we can't avoid it.

I checked with some of our security folk and they didn't provide a reason
to avoid 1.0. It's not feature complete, but for what it does it's fine.
So given the PCI spec line you quote keep it for now.

We should be careful to require the newer versions for the additional
features though. Can address that when it's relevant.

Jonathan

>
> Thanks,
>
> Lukas
>
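
Added example, not part of the e-mail or of the patch series under review: one way a requester could combine the two controls discussed in this thread, a configurable minimum accepted SPDM version and per-feature minimums taken from the PCIe r6.1 sentence quoted above. All identifiers are hypothetical, and the version entries are assumed to be already converted to host byte order.

```c
#include <stddef.h>
#include <stdint.h>

/* Hypothetical names; the minimums are those quoted from PCIe r6.1. */
enum feature { FEAT_CMA, FEAT_IDE, FEAT_TDISP };

static const uint8_t feature_min[] = {
	[FEAT_CMA]   = 0x10,	/* SPDM 1.0 */
	[FEAT_IDE]   = 0x11,	/* SPDM 1.1 */
	[FEAT_TDISP] = 0x12,	/* SPDM 1.2 */
};

#define SPDM_MAX_VER 0x13	/* highest version the requester implements (1.3) */

/*
 * Pick the highest version offered by the responder that lies within
 * [min_ver, SPDM_MAX_VER]. Each entry of the VERSION response is 16 bits:
 * bits 15:12 major, 11:8 minor, 7:4 update, 3:0 alpha. Only major.minor
 * is negotiated, so the upper byte is compared. Returns 0 when the
 * responder offers nothing in range, i.e. authentication must not proceed.
 */
uint8_t spdm_pick_version(const uint16_t *entries, size_t n, uint8_t min_ver)
{
	uint8_t best = 0;

	for (size_t i = 0; i < n; i++) {
		uint8_t ver = entries[i] >> 8;

		if (ver >= min_ver && ver <= SPDM_MAX_VER && ver > best)
			best = ver;
	}
	return best;
}

/* A feature may be used only if the negotiated version meets its minimum. */
int spdm_feature_allowed(uint8_t negotiated, enum feature f)
{
	return negotiated != 0 && negotiated >= feature_min[f];
}
```

With `min_ver` set to 0x10 a device offering only SPDM 1.0 still authenticates for CMA, while `spdm_feature_allowed()` refuses IDE and TDISP on that session.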