Skip to content

security(spdm): bind rebind attestation to SPDM session TH1#878

Merged
sgrams merged 1 commit into
intel:mainfrom
haitaohuang:intel_up/pr4a_spdm_security
Jun 8, 2026
Merged

security(spdm): bind rebind attestation to SPDM session TH1#878
sgrams merged 1 commit into
intel:mainfrom
haitaohuang:intel_up/pr4a_spdm_security

Conversation

@haitaohuang

Copy link
Copy Markdown
Contributor

Add verify_tdreport_data_binding() to check rebind TDREPORT REPORTDATA equals SHA384(prefix || TH1), preventing replay of attestation from a previous SPDM session. Applied on both requester and responder sides.

Add verify_tdreport_data_binding() to check rebind TDREPORT
REPORTDATA equals SHA384(prefix || TH1), preventing replay of
attestation from a previous SPDM session. Applied on both
requester and responder sides.

Signed-off-by: Haitao Huang <haitaohuang@microsoft.com>
@haitaohuang haitaohuang requested review from jyao1 and sgrams as code owners June 4, 2026 19:35
@sgrams sgrams merged commit 60e7091 into intel:main Jun 8, 2026
55 checks passed
@sgrams

sgrams commented Jun 8, 2026

Copy link
Copy Markdown
Contributor

Verified against MigTD Design Guide §4 (Mutual Authentication): TH1 must be bound into the TDREPORT, and the session must be torn down on auth failure - both satisfied here.
The prefix swap ("MigTDReq"/"MigTDRsp") and TH1 source (session.get_th1()) match the existing migration-path check in verify_report_data_binding, so the rebind path now has the same anti-replay/domain-separation guarantees the migration path already had. gen_tdreport at the generation sites already hashes prefix||TH1 into REPORTDATA via SHA-384, which lines up exactly with what the new verifier recomputes.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants