Firmware authentication: SPDM performance evaluation

Abstract

Security attacks involving manipulation of computational elements close to the hardware level (e.g., BIOS and firmware), make it possible to tamper with the behavior of target systems and consequently bypass protection mechanisms. This is because conventional and widely used security tools, such as antivirus and firewalls, are usually restricted to monitoring layers above the operating system. In an effort to solve this problem, the Security Protocol and Data Model (SPDM) was launched in 2020 by the Distributed Management Task Force (DMTF), a consortium that brings together several companies from the hardware, computer components, and networking markets. SPDM supports firmware attestation mechanisms and the establishment of secure communications at the system bus level. Although there are open software libraries that allow SPDM functionalities to be tested and integrated at the operating system level, there are still no hardware reference implementations in the literature. This gap limits the adoption of SPDM in the real world because the protections provided by SPDM specifically target hardware components so that the protocol itself cannot be attacked by manipulations at this level. At the same time, this makes it difficult to carry out a broad analysis of SPDM, including performance and power consumption evaluations, which can currently only be done roughly through emulation. This research project proposal aims to address this gap by presenting the first hardware implementation of SPDM, while exploring different optimization metrics, including throughput, latency, area, and power consumption. (AU)