Skip to content

2025 OCP Global Summit

Jump to bottom
Steven Bellock edited this page Mar 21, 2025 · 2 revisions

Motivation

At the 2024 OCP Global Summit the DMTF hosted a well-attended Manageability Workshop that allowed for more thorough exploration of topics, such as Redfish and SPDM. libspdm and SPDM-Responder-Validator are good candidates for such a workshop. In addition during the Security track there were a few questions about libspdm and a higher level presentation and introduction would fit well there.

Presentation Outline for Security Track

  • History
    • Initial development by @jyao1 on openspdm.
    • Donation to DMTF and formation of the SPDM Code Task Force.
    • Overview of releases.
  • Projects that use libspdm
    • Arm Realm Management Monitor reference implementation.
    • QEMU
  • Architecture and Dependencies
    • Core libraries like spdm_responder_lib.
    • Cryptography libraries.
  • Development
    • Release process and schedule.
    • Contributors and their companies.
  • Testing and Security
    • Unit and fuzz testing.
    • Static analysis.
    • Formal verification.
    • Offensive security activities.
    • CVEs.
  • Relationship with SPDM Working Group
    • Development of libspdm highlighted many issues in specification.
    • All work is done in GitHub which makes it straightforward to cross-reference code issues and specification issues.
Clone this wiki locally