Re: [RFC v3 00/27] lib: Rust implementation of SPDM

Next message: Marco Crivellari: "Re: [PATCH] xfs: convert alloc_workqueue users to WQ_UNBOUND"
Previous message: Andrew Jeffery: "Re: [PATCH v1] arm64: dts: nuvoton: drop unused syscon property from watchdog node"
In reply to: Greg KH: "Re: [RFC v3 00/27] lib: Rust implementation of SPDM"
Next in thread: Jason Gunthorpe: "Re: [RFC v3 00/27] lib: Rust implementation of SPDM"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Lukas Wunner

Date: Thu Feb 19 2026 - 04:35:16 EST

On Wed, Feb 18, 2026 at 08:56:14PM -0400, Jason Gunthorpe wrote:
> And not sure we should be dumping any certs in sysfs if the plan for
> the other stuff is netlink, it should be consistent I think.

It has turned out to be super convenient to expose the 8 slots with
certificate chains in sysfs for direct examination with openssl and
similar tools, without having to go through netlink.

Originally the plan was to make the certificates/slot[0..7] files
also writable and the kernel would implicitly perform a SET_CERTIFICATE
SPDM exchange with the device when writing to those files.
Unfortunately with SPDM 1.3 the spec editors made things more
complicated, *cough* sorry *more flexible* with additional CertModel
and KeyPairID attributes. That additional complexity makes it less
suitable for sysfs, hence for *provisioning* netlink is indeed the
better choice. But just for *reading* the certificates in the slots,
sysfs exposure is very useful.

Thanks,

Lukas