This paper describes the Component Measurement and Authentication (CMA) and Security Protocol and Data Model (SPDM) flow used to establish the secure channels required for the transmission of encrypted packets. It discusses the two approaches to establishing a secure connection, namely the symmetric and asymmetric flows, and the implementation of CMA/SPDM packets through data objects. The paper also shares how next-generation Siemens VIP will verify the SPDM’s full software stack layer. It covers the details of generating keys using the Diffie-Hellman key exchange (DHE) algorithm and creating digital signatures using the digital signature algorithm (DSA). The last section highlights the computational advantages of elliptic curve cryptographic algorithms over the conventional ones in the case of the asymmetric flow.
Everyone in this information age is generating a massive amount of data. This data is frequently transferred between storage devices via untrustworthy links, making it vulnerable to a wide range of digital security attacks. For these reasons, it is imperative to secure these links and provide a reliable means of user authentication. Cryptographic algorithms ensure the integrity of data.
Siemens Verification IP (VIP) for PCIe verifies designs that test the successful establishment of a secure connection through CMA/SPDM before starting the flow of encrypted packets. Siemens VIP for PCIe supports SPDM design verification in compliance with the CMA Revision 1.1 and SPDM version 1.3.0 specifications.