libspdm

Need to update export master secret during key update.

Open jyao1 opened this issue 3 years ago • 4 comments

Current code does not change the export master secret on key update.

jyao1, Mar 29 '22 00:03

We talked about this at the VF2F and it is considered implementation-defined behavior.

steven-bellock, Mar 29 '22 01:03

Will probably need a VDM to accomplish this since the specification will (soon) explicitly state that update and use of the Export Master Secret is implementation-defined. libspdm should be able to handle this flow.

steven-bellock, Apr 04 '22 14:04

@steven-bellock Can we fix this one after https://github.com/DMTF/libspdm/pull/1274 ?

jyao1, Oct 11 '22 01:10

This is still to-be-decided. Our options are

  1. Do nothing.
  2. Create a vendor-defined message that updates the export master secret.
  3. Provide an option to update the export master secret through KEY_UPDATE and the UpdateAllKeys.

Ultimately I think we'll go with 1, but we can discuss it at the next meeting.

steven-bellock, Oct 11 '22 14:10