Message-ID: <20260211032935.2705841-1-alistair.francis@wdc.com>
Date: Wed, 11 Feb 2026 13:29:07 +1000
From: alistair23@...il.com
To: bhelgaas@...gle.com,
	lukas@...ner.de,
	rust-for-linux@...r.kernel.org,
	akpm@...ux-foundation.org,
	linux-pci@...r.kernel.org,
	Jonathan.Cameron@...wei.com,
	linux-cxl@...r.kernel.org,
	linux-kernel@...r.kernel.org
Cc: alex.gaynor@...il.com,
	benno.lossin@...ton.me,
	boqun.feng@...il.com,
	a.hindborg@...nel.org,
	gary@...yguo.net,
	bjorn3_gh@...tonmail.com,
	tmgross@...ch.edu,
	alistair23@...il.com,
	ojeda@...nel.org,
	wilfred.mallawa@....com,
	aliceryhl@...gle.com,
	Alistair Francis <alistair.francis@....com>
Subject: [RFC v3 00/27] lib: Rust implementation of SPDM

From: Alistair Francis <alistair.francis@....com>

Security Protocols and Data Models (SPDM) [1] is used for authentication,
attestation and key exchange. SPDM is generally used over a range of
transports, such as PCIe, MCTP/SMBus/I3C, ATA, SCSI, NVMe or TCP.

From the kernel's perspective SPDM is used to authenticate and attest devices.
In this threat model a device is considered untrusted until it can be verified
by the kernel and userspace using SPDM. As such SPDM data is untrusted data
that can be malicious.

The SPDM specification is also complex, with the 1.2.1 spec being almost 200
pages and the 1.3.0 spec being almost 250 pages long.

As such we have the kernel parsing untrusted responses from a complex
specification, which sounds like a possible exploit vector. This is the type
of place where Rust excels!

This series implements a SPDM requester in Rust.

This is very similar to Lukas' implementation [2]. This series includes patches
and files from Lukas' C SPDM implementation, which isn't in mainline.

This is a standalone series and doesn't depend on Lukas' implementation.

To help with maintaining compatibility it's designed in a way to match Lukas'
design and the state struct stores the same information, although in a Rust
struct instead of the original C one.

This series exposes the data to userspace via netlink, with a single sysfs
attribute to allow reauthentication.

All of the patches are included in the RFC, as it depends on some patches
that aren't upstream yet.

Now that Rust is no longer experimental I have picked this back up. If the
community is generally on board with a Rust implementation I can work on
sending a non-RFC version and push towards getting that merged.

The entire tree can be seen here: https://github.com/alistair23/linux/tree/alistair/spdm-rust

I'm testing the netlink data by running the following

```shell
cargo run -- --qemu-server response

qemu-system-x86_64 \
  -nic none \
  -object rng-random,filename=/dev/urandom,id=rng0 \
  -device virtio-rng-pci,rng=rng0 \
  -drive file=deploy/images/qemux86-64/core-image-pcie-qemux86-64.rootfs.ext4,if=virtio,format=raw \
  -usb -device usb-tablet -usb -device usb-kbd \
  -cpu Skylake-Client \
  -machine q35,i8042=off \
  -smp 4 -m 2G \
  -drive file=blknvme,if=none,id=mynvme,format=raw \
  -device nvme,drive=mynvme,serial=deadbeef,spdm_port=2323,spdm_trans=doe \
  -snapshot \
  -serial mon:stdio -serial null -nographic \
  -kernel deploy/images/qemux86-64/bzImage \
  -append 'root=/dev/vda rw  console=ttyS0 console=ttyS1 oprofile.timer=1 tsc=reliable no_timer_check rcupdate.rcu_expedited=1 swiotlb=0 '

spdm_utils identify &
sleep 1
echo re > /sys/devices/pci0000:00/0000:00:03.0/authenticated
while openssl x509 -noout -text; do :; done < ~/retrieved_slot_id0
```

1: https://www.dmtf.org/standards/spdm
2: https://lore.kernel.org/all/cover.1719771133.git.lukas@wunner.de/
3: https://github.com/l1k/linux/commits/spdm-future/
4: https://lore.kernel.org/rust-for-linux/20240925205244.873020-1-benno.lossin@proton.me/
5: https://lore.kernel.org/rust-for-linux/20250107035058.818539-1-alistair@alistair23.me/

v3:
 - Use netlink to send information to userspace
 - Don't autogenerate Rust helpers
v2:
 - Drop support for Rust and C implementations
 - Include patches from Lukas to reduce series deps
 - Large code cleanups based on more testing
 - Support for authentication

Alistair Francis (18):
  rust: add bindings for hash.h
  rust: error: impl From<FromBytesWithNulError> for Kernel Error
  lib: rspdm: Initial commit of Rust SPDM
  lib: rspdm: Support SPDM get_version
  lib: rspdm: Support SPDM get_capabilities
  lib: rspdm: Support SPDM negotiate_algorithms
  lib: rspdm: Support SPDM get_digests
  lib: rspdm: Support SPDM get_certificate
  crypto: asymmetric_keys - Load certificate parsing early in boot
  KEYS: Load keyring and certificates early in boot
  PCI/CMA: Support built in X.509 certificates
  crypto: sha: Load early in boot
  crypto: ecdsa: Load early in boot
  lib: rspdm: Support SPDM certificate validation
  rust: allow extracting the buffer from a CString
  lib: rspdm: Support SPDM challenge
  PCI/CMA: Expose in sysfs whether devices are authenticated
  rust: add bindings for hash_info

Benno Lossin (1):
  rust: add untrusted data abstraction

Jonathan Cameron (1):
  PCI/CMA: Authenticate devices on enumeration

Lukas Wunner (7):
  X.509: Make certificate parser public
  X.509: Parse Subject Alternative Name in certificates
  X.509: Move certificate length retrieval into new helper
  certs: Create blacklist keyring earlier
  PCI/CMA: Validate Subject Alternative Name in certificates
  PCI/CMA: Reauthenticate devices on reset and resume
  rspdm: Multicast received signatures via netlink

 Documentation/ABI/testing/sysfs-devices-spdm |   31 +
 Documentation/netlink/specs/spdm.yaml        |  136 +++
 MAINTAINERS                                  |   14 +
 certs/blacklist.c                            |    4 +-
 certs/system_keyring.c                       |    8 +-
 crypto/asymmetric_keys/asymmetric_type.c     |    2 +-
 crypto/asymmetric_keys/x509_cert_parser.c    |    9 +
 crypto/asymmetric_keys/x509_loader.c         |   38 +-
 crypto/asymmetric_keys/x509_parser.h         |   42 +-
 crypto/asymmetric_keys/x509_public_key.c     |    2 +-
 crypto/ecdsa.c                               |    2 +-
 crypto/sha256.c                              |    2 +-
 crypto/sha3.c                                |    2 +-
 crypto/sha512.c                              |    2 +-
 drivers/pci/Kconfig                          |   16 +
 drivers/pci/Makefile                         |    4 +
 drivers/pci/cma.asn1                         |   41 +
 drivers/pci/cma.c                            |  269 +++++
 drivers/pci/doe.c                            |    5 +-
 drivers/pci/pci-driver.c                     |    1 +
 drivers/pci/pci-sysfs.c                      |    3 +
 drivers/pci/pci.c                            |   12 +-
 drivers/pci/pci.h                            |   15 +
 drivers/pci/pcie/err.c                       |    3 +
 drivers/pci/probe.c                          |    1 +
 drivers/pci/remove.c                         |    1 +
 include/keys/asymmetric-type.h               |    2 +
 include/keys/system_keyring.h                |    4 +
 include/keys/x509-parser.h                   |   57 +
 include/linux/oid_registry.h                 |    3 +
 include/linux/pci-doe.h                      |    4 +
 include/linux/pci.h                          |   16 +
 include/linux/spdm.h                         |   39 +
 include/uapi/linux/spdm_netlink.h            |   49 +
 lib/Kconfig                                  |   17 +
 lib/Makefile                                 |    2 +
 lib/rspdm/Makefile                           |   12 +
 lib/rspdm/consts.rs                          |  213 ++++
 lib/rspdm/lib.rs                             |  180 +++
 lib/rspdm/netlink-autogen.c                  |   33 +
 lib/rspdm/netlink-autogen.h                  |   22 +
 lib/rspdm/req-netlink.c                      |  197 ++++
 lib/rspdm/req-sysfs.c                        |   98 ++
 lib/rspdm/spdm.h                             |   45 +
 lib/rspdm/state.rs                           | 1093 ++++++++++++++++++
 lib/rspdm/sysfs.rs                           |   38 +
 lib/rspdm/validator.rs                       |  489 ++++++++
 rust/bindings/bindings_helper.h              |   11 +
 rust/helpers/hash.c                          |   18 +
 rust/helpers/hash_info.c                     |    8 +
 rust/helpers/helpers.c                       |    2 +
 rust/kernel/error.rs                         |   10 +
 rust/kernel/lib.rs                           |    1 +
 rust/kernel/str.rs                           |    5 +
 rust/kernel/validate.rs                      |  605 ++++++++++
 55 files changed, 3866 insertions(+), 72 deletions(-)
 create mode 100644 Documentation/ABI/testing/sysfs-devices-spdm
 create mode 100644 Documentation/netlink/specs/spdm.yaml
 create mode 100644 drivers/pci/cma.asn1
 create mode 100644 drivers/pci/cma.c
 create mode 100644 include/keys/x509-parser.h
 create mode 100644 include/linux/spdm.h
 create mode 100644 include/uapi/linux/spdm_netlink.h
 create mode 100644 lib/rspdm/Makefile
 create mode 100644 lib/rspdm/consts.rs
 create mode 100644 lib/rspdm/lib.rs
 create mode 100644 lib/rspdm/netlink-autogen.c
 create mode 100644 lib/rspdm/netlink-autogen.h
 create mode 100644 lib/rspdm/req-netlink.c
 create mode 100644 lib/rspdm/req-sysfs.c
 create mode 100644 lib/rspdm/spdm.h
 create mode 100644 lib/rspdm/state.rs
 create mode 100644 lib/rspdm/sysfs.rs
 create mode 100644 lib/rspdm/validator.rs
 create mode 100644 rust/helpers/hash.c
 create mode 100644 rust/helpers/hash_info.c
 create mode 100644 rust/kernel/validate.rs

-- 
2.52.0
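
The cover letter's concern about parsing untrusted device responses, shown as an added example: a userspace Rust sketch, not code from the rspdm series. It bounds-checks an SPDM VERSION response before picking a version. The byte layout follows the VERSION response in the SPDM specification [1]; the function name, error type and the `min`/`max` range parameters are assumptions made for illustration.

```rust
// Added example: plain userspace Rust, not the kernel's rspdm code.
#[derive(Debug, PartialEq)]
pub enum VersionError {
    Truncated,          // fewer bytes than the header or the entry count claims
    UnexpectedCode(u8), // response code is not VERSION
    NoCommonVersion,    // nothing offered falls inside the accepted range
}

const SPDM_VERSION_RSP: u8 = 0x04; // RequestResponseCode of a VERSION response
const HEADER_LEN: usize = 6; // version, code, param1, param2, reserved, entry count

/// Parse a VERSION response from an untrusted device and return the highest
/// offered version (major << 4 | minor) that lies within `min..=max`.
pub fn negotiate_version(rsp: &[u8], min: u8, max: u8) -> Result<u8, VersionError> {
    // Never index directly: a short buffer must become an error, not a panic.
    let header = rsp.get(..HEADER_LEN).ok_or(VersionError::Truncated)?;
    if header[1] != SPDM_VERSION_RSP {
        return Err(VersionError::UnexpectedCode(header[1]));
    }
    // The entry count is device-controlled: check it against the bytes
    // actually received before touching any entry.
    let count = header[5] as usize;
    let entries = rsp
        .get(HEADER_LEN..HEADER_LEN + count * 2)
        .ok_or(VersionError::Truncated)?;
    entries
        .chunks_exact(2)
        // Little-endian u16; the high byte holds major[15:12] and minor[11:8].
        .map(|e| (u16::from_le_bytes([e[0], e[1]]) >> 8) as u8)
        .filter(|v| (min..=max).contains(v))
        .max()
        .ok_or(VersionError::NoCommonVersion)
}

fn main() {
    // Constructed sample: device offers 1.0, 1.1 and 1.2.
    let good = [0x10, 0x04, 0, 0, 0, 3, 0x00, 0x10, 0x00, 0x11, 0x00, 0x12];
    println!("{:?}", negotiate_version(&good, 0x10, 0x13));
    // Constructed sample: count claims 200 entries, only one is present.
    let lying = [0x10, 0x04, 0, 0, 0, 200, 0x00, 0x10];
    println!("{:?}", negotiate_version(&lying, 0x10, 0x13));
}
```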

