
SPDM Protocol Clarification Questions (v1.0, v1.1, v1.2) #3542

@PrakashK94


I have a few conceptual questions related to the SPDM protocol. These questions are not related to SPDM implementation or code, but to understanding the security goals and use cases across SPDM versions 1.0, 1.1, and 1.2.

SPDM 1.0 Questions
SPDM 1.0 provides device discovery, authentication, and attestation capabilities.

  1. Security Scope
     • My understanding is that SPDM 1.0 does not protect runtime data traffic, but instead focuses on device identity and trust establishment. Is this correct?
  2. Identity
     • Does “identity” in SPDM 1.0 mean identifying the device vendor and device model using the certificate chain retrieved via GET_CERTIFICATE?
  3. Authentication
     • Is authentication achieved by validating:
       - the responder’s certificate chain, and
       - the signatures returned in CHALLENGE_AUTH and measurement responses?
  4. Attestation & Platform Policy
     • Is attestation intended to allow the requester to:
       - compare received measurements against known-good (reference) measurements, and
       - make a platform-specific policy decision (e.g., allow normal operation, restrict functionality, log an error, or trigger firmware recovery)?
     • Are enforcement actions (lockdown, recovery, logging, etc.) outside the scope of SPDM and left to the platform firmware or management software?
  5. Use Case
     • Is the primary use case of SPDM 1.0 establishing trust in a device before it is used, rather than protecting ongoing communication?

SPDM 1.1 Questions
SPDM 1.1 introduces secure session establishment.

  1. Secure Sessions
     • Once a secure session is established, is the communication:
       - confidential (encrypted),
       - integrity-protected, and
       - protected against replay and tampering?
  2. Threat Model
     • Assuming correct cryptographic implementation and key protection, is it correct that:
       - a third party cannot tamper with messages or firmware update payloads exchanged inside a secure session?
  3. Use Case
     • Is SPDM 1.1 primarily intended for:
       - secure firmware updates,
       - secure management commands, and
       - protected measurement retrieval after trust has been established?

SPDM 1.2 Questions
SPDM 1.2 introduces certificate provisioning and update.

  1. Certificate Provisioning
     • SPDM 1.2 allows writing certificate chains into responder slots. What are the intended scenarios for this capability?
  2. Manufacturing vs Field Update
     • While devices typically have certificates provisioned during secure manufacturing (e.g., SLOT0), is SPDM 1.2 designed to support:
       - certificate rotation,
       - ownership transfer,
       - lifecycle management, or
       - post-manufacturing certificate updates in the field?
  3. Use Case
     • What are the real-world deployment scenarios where SPDM 1.2 certificate write capability is expected to be used?
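A requester-side check of the kind the SPDM 1.0 attestation question above describes, as an added example that is not part of the issue or of any SPDM implementation: it parses DMTF-format measurement blocks, compares them with a known-good manifest and maps the outcome to a platform action. The reference hashes, the action names and the sample responder data are constructed for the example.

```python
import hashlib
import struct

DMTF_SPEC = 0x01  # MeasurementSpecification value for the DMTF measurement format

def build_block(index: int, vtype: int, value: bytes) -> bytes:
    """Encode one DMTF measurement block (used only to construct sample data)."""
    body = struct.pack("<BH", vtype, len(value)) + value  # ValueType, ValueSize, value
    return struct.pack("<BBH", index, DMTF_SPEC, len(body)) + body  # Index, Spec, Size

def parse_measurement_blocks(data: bytes) -> dict:
    """Return {index: (value_type, value)} from concatenated measurement blocks."""
    blocks, off = {}, 0
    while off < len(data):
        index, spec, size = struct.unpack_from("<BBH", data, off)
        off += 4
        if spec != DMTF_SPEC:
            raise ValueError(f"block {index}: unsupported measurement specification {spec:#x}")
        vtype, vsize = struct.unpack_from("<BH", data, off)
        if vsize + 3 != size:
            raise ValueError(f"block {index}: inconsistent size fields")
        value = data[off + 3 : off + 3 + vsize]
        if len(value) != vsize:
            raise ValueError(f"block {index}: truncated measurement value")
        blocks[index] = (vtype, value)
        off += size
    return blocks

def policy_decision(received: dict, reference: dict) -> tuple:
    """Compare received blocks with known-good values; return (action, reason)."""
    missing = sorted(set(reference) - set(received))
    if missing:  # an expected component reported nothing: treat as needing recovery
        return "recover", f"missing measurement indices {missing}"
    mismatched = [i for i in sorted(reference) if received[i][1] != reference[i]]
    if mismatched:  # known component with an unknown hash: restrict until reviewed
        return "restrict", f"measurement mismatch at indices {mismatched}"
    extra = sorted(set(received) - set(reference))
    if extra:  # more blocks than the manifest knows about: allow but record it
        return "log", f"unexpected extra measurement indices {extra}"
    return "allow", "all measurements match the reference manifest"

# Constructed sample data: a known-good manifest and two responder measurement sets.
GOOD_FW = hashlib.sha256(b"constructed-known-good-firmware").digest()
GOOD_CFG = hashlib.sha256(b"constructed-known-good-config").digest()
REFERENCE = {1: GOOD_FW, 2: GOOD_CFG}
HEALTHY = build_block(1, 0x01, GOOD_FW) + build_block(2, 0x02, GOOD_CFG)
TAMPERED = build_block(1, 0x01, hashlib.sha256(b"modified").digest()) + build_block(2, 0x02, GOOD_CFG)

def evaluate(response: bytes) -> tuple:
    return policy_decision(parse_measurement_blocks(response), REFERENCE)
```

The check is meant to run only after the MEASUREMENTS signature (or the protecting session) has been verified; the parser rejects inconsistent or truncated blocks instead of silently skipping them.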
