Skip to content

2.2.0
Compare
Choose a tag to compare
@jyao1 jyao1 released this 04 Oct 00:39
· 1065 commits to main since this release
2.2.0
d3f5c69

Tag 2.2.0 fixes an implementation defect present in tags 2.1.0 and previous. #1136. According to the SPDM specification, the ResponderVerifyData / RequesterVerifyData during secure session establishment should be calculated based on HMAC(finished_key, hash(transcript)). In tags 2.1.0 and previous, the libspdm calculated ResponderVerifyData / RequesterVerifyData as HMAC(finished_key, transcript). While tag 2.2.0 has corrected this defect it means that a tag 2.2.0 endpoint will not be able to establish a secure session with a tag 2.1.0 and previous endpoint.

This is an SPDM specification compliance issue, we suggest the consumers use the tag 2.2.0 for further development.

Major feature:

  1. Align to SPDM 1.2.1 spec https://www.dmtf.org/dsp/DSP0274
Assets 2
Loading