l1k
diff --git a/‎Documentation/ABI/testing/sysfs-devices-spdm‎
Lines changed: 95 additions & 0 deletions b/‎Documentation/ABI/testing/sysfs-devices-spdm‎
Lines changed: 95 additions & 0 deletions
diff --git a/‎Documentation/netlink/specs/spdm.yaml‎
Lines changed: 172 additions & 0 deletions b/‎Documentation/netlink/specs/spdm.yaml‎
Lines changed: 172 additions & 0 deletions
diff --git a/‎include/uapi/linux/spdm_netlink.h‎
Lines changed: 37 additions & 0 deletions b/‎include/uapi/linux/spdm_netlink.h‎
Lines changed: 37 additions & 0 deletions
diff --git a/‎lib/spdm/Makefile‎
Lines changed: 1 addition & 0 deletions b/‎lib/spdm/Makefile‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎lib/spdm/netlink-autogen.c‎
Lines changed: 33 additions & 0 deletions b/‎lib/spdm/netlink-autogen.c‎
Lines changed: 33 additions & 0 deletions
diff --git a/‎lib/spdm/netlink-autogen.h‎
Lines changed: 24 additions & 0 deletions b/‎lib/spdm/netlink-autogen.h‎
Lines changed: 24 additions & 0 deletions
@@ -77,3 +77,98 @@ Description:
 		SPDM does not specify how to notify the kernel of such events,
 		so unless reauthentication is manually initiated to update the
 		kernel's cache, the "slot[0-7]" files may contain stale data.
+
+
+What:		/sys/devices/.../signatures/
+What:		/sys/devices/.../signatures/[0-9]*_signature
+What:		/sys/devices/.../signatures/[0-9]*_transcript
+What:		/sys/devices/.../signatures/[0-9]*_hash_algorithm
+What:		/sys/devices/.../signatures/[0-9]*_combined_spdm_prefix
+What:		/sys/devices/.../signatures/[0-9]*_certificate_chain
+Date:		June 2024
+Contact:	Lukas Wunner <lukas@wunner.de>
+Description:
+		In bash syntax, the signature is verified as follows::
+
+		 # number of signature to verify
+		 num=0
+
+		 # split certificate chain into individual certificates
+		 openssl storeutl -text ${num}_certificate_chain | \
+		     csplit -z -f /tmp/cert - '/^[0-9]*: Certificate$/' '{*}'
+
+		 # extract public key from leaf certificate
+		 leaf_cert=$(\ls /tmp/cert?? | tail -1)
+		 openssl x509 -pubkey -in ${leaf_cert} -out ${leaf_cert}.pub
+
+		 # verify signature
+		 if [ \! -s ${num}_combined_spdm_prefix ] ; then
+		     # SPDM 1.0 and 1.1
+		     openssl dgst -$(cat ${num}_hash_algorithm) \
+		         -signature ${num}_signature -verify ${leaf_cert}.pub \
+		         ${num}_transcript
+		 else
+		     # SPDM 1.2 and newer
+		     openssl dgst -$(cat ${num}_hash_algorithm) \
+		         -binary -out /tmp/transcript_hashed ${num}_transcript
+		     openssl dgst -$(cat ${num}_hash_algorithm) \
+		         -signature ${num}_signature -verify ${leaf_cert}.pub \
+		         ${num}_combined_spdm_prefix /tmp/transcript_hashed
+		 fi
+
+		Note: The above works for RSA signatures, but not for ECDSA.
+		SPDM encodes ECDSA signatures in P1363 format (concatenation of
+		two raw integers), whereas openssl only supports X9.62 format
+		(ASN.1 DER sequence of two integers).  There is no command line
+		utility to convert between the two formats, but most popular
+		crypto libraries offer conversion routines:
+
+		| https://github.com/java-crypto/cross_platform_crypto/blob/main/docs/ecdsa_signature_conversion.md
+
+		The "transcript" file can be fed to a protocol dissector to
+		examine the SPDM messages it contains:
+
+		| https://github.com/th-duvanel/spdm-wid
+		| https://github.com/jyao1/wireshark-spdm
+		| https://github.com/DMTF/spdm-dump
+
+		Note:  To ease signature verification, the "transcript" file
+		does not contain the trailing signature.  However the signature
+		is part of the final CHALLENGE_AUTH message, so the protocol
+		dissector needs to be fed the concatenation of "transcript"
+		and "signature".
+
+
+What:		/sys/devices/.../signatures/[0-9]*_type
+Date:		June 2024
+Contact:	Lukas Wunner <lukas@wunner.de>
+Description:
+		This file contains the type of event that led to signature
+		generation.  It is one of (sans quotes):
+
+		"responder-challenge_auth signing"
+
+
+What:		/sys/devices/.../signatures/[0-9]*_requester_nonce
+What:		/sys/devices/.../signatures/[0-9]*_responder_nonce
+Date:		June 2024
+Contact:	Lukas Wunner <lukas@wunner.de>
+Description:
+		These files contain the 32 byte nonce chosen by requester and
+		responder.  They allow remote attestation services to verify
+		freshness (uniqueness) of the nonces.  Nonces used more than
+		once can be identified with::
+
+		 # hexdump -e '32/1 "%02x" "\n"' [0-9]*_nonce | sort | \
+		   uniq -c | grep -v '^      1'
+
+		Remote attestation services may also want to verify that the
+		entropy of the nonces is acceptable::
+
+		 # ent 0_requester_nonce
+
+		Note:  The nonces are also contained in the "transcript", but
+		their offsets within the transcript are variable.  It would be
+		necessary to parse the SPDM messages in the transcript to find
+		and extract the nonces, which is cumbersome.  That's why they
+		are exposed as separate files.
@@ -0,0 +1,172 @@
+# SPDX-License-Identifier: ((GPL-2.0 WITH Linux-syscall-note) OR BSD-3-Clause)
+---
+name: spdm
+
+doc: |
+  DMTF Security Protocol and Data Model (SPDM)
+  https://www.dmtf.org/dsp/DSP0274
+
+protocol: genetlink
+
+uapi-header: linux/spdm_netlink.h
+
+definitions:
+  -
+    type: enum
+    name: spdm-reqrsp-code
+    doc: SPDM request or response code of a signed message (SPDM 1.0.0 table 4)
+    entries:
+      -
+        name: spdm-challenge-auth
+        value: 0x03
+      -
+        name: spdm-endpoint-info
+        value: 0x07
+      -
+        name: spdm-measurements
+        value: 0x60
+      -
+        name: spdm-key-exchange-rsp
+        value: 0x64
+      -
+        name: spdm-finish
+        value: 0xe5
+    header: uapi/linux/spdm.h
+  -
+    type: enum
+    name: hash-algo
+    doc: SPDM-supported hash algorithm (SPDM 1.0.0 table 13)
+    entries:
+      -
+        name: hash-algo-sha256
+        value: 4
+      -
+        name: hash-algo-sha384
+        value: 5
+      -
+        name: hash-algo-sha512
+        value: 6
+      -
+        name: hash-algo-sha3-256
+        value: 20
+      -
+        name: hash-algo-sha3-384
+        value: 21
+      -
+        name: hash-algo-sha3-512
+        value: 22
+    header: uapi/linux/hash_info.h
+
+attribute-sets:
+  -
+    name: sig
+    doc: |
+      Signature received from a device, together with all ancillary data
+      needed for re-verification.
+
+      Meant for remote attestation services which do not trust the kernel
+      to have verified the signature correctly or which want to apply
+      policy constraints of their own.
+
+      The signature is computed over the %transcript attribute, which is
+      a concatenation of all SPDM messages exchanged with the device.
+      The transcript may occupy multiple megabytes, exceeding the maximum
+      size of a netlink attribute.  It may therefore be split across several
+      netlink messages.  The first netlink message contains a first portion
+      of the transcript as well as all other attributes.  Any subsequent
+      netlink message contains only a single %transcript attribute which
+      continues the already transmitted portions of the transcript.
+
+      SPDM 1.2 and newer hash the transcript with %hash-algo and prepend
+      %combined-spdm-prefix before computing the signature (SPDM 1.2.0
+      sec 15).  For SPDM 1.0 and 1.1, that step is omitted and the
+      %combined-spdm-prefix attribute is not included in the message.
+
+      The signature is verified against the leaf certificate in %slot.
+      To save memory, only the slot number is included in the message,
+      not the full certificate chain.  Note that if the slot has since
+      been provisioned with a different certificate chain, re-verification
+      of the signature will fail.
+    attributes:
+      -
+        name: device
+        doc: |
+          Device generating the signature, uniquely identified by its
+          path under sysfs.
+        type: string
+      -
+        name: rsp-code
+        doc: |
+          SPDM response code of the message containing the signature,
+          to determine what kind of event caused signature generation.
+          Equivalent to the "context" string of SPDM 1.2.0 sec 15,
+          but represented numerically for easier parsing.
+        type: u8
+        enum: spdm-reqrsp-code
+      -
+        name: slot
+        doc: |
+          Certificate slot used for signature generation.
+        type: u8
+      -
+        name: hash-algo
+        doc: |
+          Hash algorithm used for signature generation.
+        type: u16
+        enum: hash-algo
+      -
+        name: sig-offset
+        doc: |
+          Offset of signature in @transcript.  The signature is located
+          at the end of @transcript, hence its size equals @transcript
+          size minus this offset.
+        type: u32
+      -
+        name: req-nonce-offset
+        doc: |
+          Offset of 32 byte nonce chosen by requester in @transcript.
+          Allows remote attestation services to verify freshness
+          (uniqueness) and entropy adequacy of the nonce.
+        type: u32
+      -
+        name: rsp-nonce-offset
+        doc: |
+          Offset of 32 byte nonce chosen by responder in @transcript.
+          Allows remote attestation services to verify freshness
+          (uniqueness) and entropy adequacy of the nonce.
+        type: u32
+      -
+        name: combined-spdm-prefix
+        doc: |
+          Combined SPDM prefix used for signature generation (SPDM 1.2.0
+          sec 15).  Only included in the message with SPDM version 1.2.0
+          or newer.
+        type: binary
+        checks:
+          exact-len: 100
+      -
+        name: transcript
+        doc: |
+          SPDM transcript used for signature generation.  The signature
+          itself is located at the end of the transcript.
+        type: binary
+        multi-attr: true
+
+operations:
+  list:
+    -
+      name: sig
+      doc: Signature event
+      attribute-set: sig
+      event:
+        attributes:
+          - sig
+      mcgrp: sig
+
+mcast-groups:
+  list:
+    -
+      name: sig
+
+kernel-family:
+  headers: ["netlink-autogen.h"]
@@ -0,0 +1,37 @@
+/* SPDX-License-Identifier: ((GPL-2.0 WITH Linux-syscall-note) OR BSD-3-Clause) */
+/* Do not edit directly, auto-generated from: */
+/*	Documentation/netlink/specs/spdm.yaml */
+/* YNL-GEN uapi header */
+/* To regenerate run: tools/net/ynl/ynl-regen.sh */
+
+#ifndef _UAPI_LINUX_SPDM_NETLINK_H
+#define _UAPI_LINUX_SPDM_NETLINK_H
+
+#define SPDM_FAMILY_NAME	"spdm"
+#define SPDM_FAMILY_VERSION	1
+
+enum {
+	SPDM_A_SIG_DEVICE = 1,
+	SPDM_A_SIG_RSP_CODE,
+	SPDM_A_SIG_SLOT,
+	SPDM_A_SIG_HASH_ALGO,
+	SPDM_A_SIG_SIG_OFFSET,
+	SPDM_A_SIG_REQ_NONCE_OFFSET,
+	SPDM_A_SIG_RSP_NONCE_OFFSET,
+	SPDM_A_SIG_COMBINED_SPDM_PREFIX,
+	SPDM_A_SIG_TRANSCRIPT,
+
+	__SPDM_A_SIG_MAX,
+	SPDM_A_SIG_MAX = (__SPDM_A_SIG_MAX - 1)
+};
+
+enum {
+	SPDM_CMD_SIG = 1,
+
+	__SPDM_CMD_MAX,
+	SPDM_CMD_MAX = (__SPDM_CMD_MAX - 1)
+};
+
+#define SPDM_MCGRP_SIG	"sig"
+
+#endif /* _UAPI_LINUX_SPDM_NETLINK_H */
@@ -8,4 +8,5 @@
 obj-$(CONFIG_SPDM) += spdm.o
 
 spdm-y := core.o req-authenticate.o
+spdm-$(CONFIG_NET) += req-netlink.o netlink-autogen.o
 spdm-$(CONFIG_SYSFS) += req-sysfs.o
@@ -0,0 +1,33 @@
+// SPDX-License-Identifier: ((GPL-2.0 WITH Linux-syscall-note) OR BSD-3-Clause)
+/* Do not edit directly, auto-generated from: */
+/*	Documentation/netlink/specs/spdm.yaml */
+/* YNL-GEN kernel source */
+/* To regenerate run: tools/net/ynl/ynl-regen.sh */
+
+#include <net/netlink.h>
+#include <net/genetlink.h>
+
+#include <uapi/linux/spdm_netlink.h>
+#include <netlink-autogen.h>
+#include <uapi/linux/spdm.h>
+#include <uapi/linux/hash_info.h>
+
+/* Ops table for spdm */
+static const struct genl_split_ops spdm_nl_ops[] = {
+};
+
+static const struct genl_multicast_group spdm_nl_mcgrps[] = {
+	[SPDM_NLGRP_SIG] = { "sig", },
+};
+
+struct genl_family spdm_nl_family __ro_after_init = {
+	.name		= SPDM_FAMILY_NAME,
+	.version	= SPDM_FAMILY_VERSION,
+	.netnsok	= true,
+	.parallel_ops	= true,
+	.module		= THIS_MODULE,
+	.split_ops	= spdm_nl_ops,
+	.n_split_ops	= ARRAY_SIZE(spdm_nl_ops),
+	.mcgrps		= spdm_nl_mcgrps,
+	.n_mcgrps	= ARRAY_SIZE(spdm_nl_mcgrps),
+};
@@ -0,0 +1,24 @@
+/* SPDX-License-Identifier: ((GPL-2.0 WITH Linux-syscall-note) OR BSD-3-Clause) */
+/* Do not edit directly, auto-generated from: */
+/*	Documentation/netlink/specs/spdm.yaml */
+/* YNL-GEN kernel header */
+/* To regenerate run: tools/net/ynl/ynl-regen.sh */
+
+#ifndef _LINUX_SPDM_GEN_H
+#define _LINUX_SPDM_GEN_H
+
+#include <net/netlink.h>
+#include <net/genetlink.h>
+
+#include <uapi/linux/spdm_netlink.h>
+#include <netlink-autogen.h>
+#include <uapi/linux/spdm.h>
+#include <uapi/linux/hash_info.h>
+
+enum {
+	SPDM_NLGRP_SIG,
+};
+
+extern struct genl_family spdm_nl_family;
+
+#endif /* _LINUX_SPDM_GEN_H */