SPDM Design with FIPS 140-3 Compliance (C22b)
The Security Protocol and Data Model (SPDM) is a protocol published by Distributed Management Task Force (DMTF). Since its debut in 2019, SPDM has been employed by several standard bodies, such as PCIe and CXL, for security communication between devices and host. SPDM is being deployed in numerous devices over the world and its popularity will only increase as upcoming SPDM versions introduce new features and use cases. On the other hand, FIPS 140-3 by National Institute of Standards and Technology (NIST) and Canadian Centre for Cyber Security (CCCS) is a cryptography and security standard that device vendors in the government, finance, and healthcare markets thrive to meet. As such, implementation of SPDM with FIPS 140-3 compliance becomes an interesting topic. This talk presents best known methods for FIPS 140-3 compliant SPDM design.