Re: [RFC v3 00/27] lib: Rust implementation of SPDM

Next message: Namjae Jeon: "Re: linux-next inclusion request : ntfs filesystem"
Previous message: pr-tracker-bot: "Re: [GIT PULL] turbostat v2026.02.14"
Next in thread: Alistair Francis: "Re: [RFC v3 00/27] lib: Rust implementation of SPDM"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Jason Gunthorpe

Date: Tue Feb 17 2026 - 18:57:47 EST

On Wed, Feb 11, 2026 at 01:29:07PM +1000, alistair23@xxxxxxxxx wrote:
> From: Alistair Francis <alistair.francis@xxxxxxx>
>
> Security Protocols and Data Models (SPDM) [1] is used for authentication,
> attestation and key exchange. SPDM is generally used over a range of
> transports, such as PCIe, MCTP/SMBus/I3C, ATA, SCSI, NVMe or TCP.
>
> >From the kernels perspective SPDM is used to authenticate and attest devices.
> In this threat model a device is considered untrusted until it can be verified
> by the kernel and userspace using SPDM. As such SPDM data is untrusted data
> that can be mallicious.
>
> The SPDM specification is also complex, with the 1.2.1 spec being almost 200
> pages and the 1.3.0 spec being almost 250 pages long.
>
> As such we have the kernel parsing untrusted responses from a complex
> specification, which sounds like a possible exploit vector. This is the type
> of place where Rust excels!

I was arguing for exactly this at a recent conference, so I'm glad to
see it. It is a great meaningful usecase for rust in the kernel.

IIRC the netlink was my suggestion too, it really needs a careful
look on its own. It is much better than sysfs, but comes with its own
pitfalls.

You might want to try to break this up into two parts, one just dumps
a large text file in debugfs where there are not uAPI rules. This
would let the rust work proceed.

And another to introduce a proper uAPI for the data.

It will be easier to get the right people interested in both parts if
it is split up I think, given the size.

Jason