transport: spdm-storage: add support #139

Open
twilfredo wants to merge 3 commits into westerndigitalcorporation:master from twilfredo:wilfred/add-spdm-storage-upstream

@twilfredo twilfredo commented Mar 5, 2025

As per DMTF DSP0286 (pending ratification), this series adds support to spdm-utils to communicate spdm with nvme devices over the respective security commands.

twilfredo commented Mar 5, 2025

@alistair23, note: CI won't work until upstream libspdm has storage support. So let's keep this blocked till then.

twilfredo commented Mar 5, 2025

todo:

  1. DMTF DSP0286 Ratification
  2. libspdm storage transport support upstream
  3. qemu nvme responder socket support upstream

side-quests:

  1. kernel spdm && spdm-storage support upstream

p-b-o pushed a commit to p-b-o/qemu-ci that referenced this pull request Aug 26, 2025
https://lore.kernel.org/qemu-devel/20250826054630.222052-1-wilfred.opensource@gmail.com

---

From: Wilfred Mallawa <wilfred.opensource@gmail.com>
To: Alistair Francis <alistair.francis@wdc.com>
Cc: Keith Busch <kbusch@kernel.org>, Klaus Jensen <its@irrelevant.dk>,
 Jesper Devantier <foss@defmacro.it>, Stefan Hajnoczi <stefanha@redhat.com>,
 Fam Zheng <fam@euphon.net>,
 Philippe Mathieu-Daudé <philmd@linaro.org>,
 Kevin Wolf <kwolf@redhat.com>, Hanna Reitz <hreitz@redhat.com>,
 "Michael S . Tsirkin" <mst@redhat.com>,
 Marcel Apfelbaum <marcel.apfelbaum@gmail.com>, qemu-devel@nongnu.org,
 qemu-block@nongnu.org, Wilfred Mallawa <wilfred.mallawa@wdc.com>
Subject: [PATCH 0/4] NVMe: Add SPDM over the storage transport support
Date: Tue, 26 Aug 2025 15:46:26 +1000
Message-ID: <20250826054630.222052-1-wilfred.opensource@gmail.com>

From: Wilfred Mallawa <wilfred.mallawa@wdc.com>

This series extends the existing SPDM support in QEMU to support the DSP0286
SPDM Storage Transport [1] for NVMe. SPDM Storage Transport uses the NVMe
Admin Security Send/Receive commands, as such, support for these commands has
also been added.

With the addition of a new `spdm-trans` CLI argument for NVMe controllers,
users can specify `spdm_trans=nvme` or `spdm_trans=doe`. This allows for the
selection of the SPDM transport. The `doe` option is the current default,
`nvme` would select SPDM Storage Transport for the controller, where SPDM
communication happens over the NVMe Admin Security Send/Receive commands.

Support for DSP0286 already exists in `libspdm` [2] and support for the QEMU
SPDM server is being upstreamed for `spdm-utils` [3]. This series was tested by
using `spdm-utils` as the qemu SPDM server with SPDM Storage Transport support
built with `libspdm` v3.8.0, and `spdm-utils` also as the SPDM requester.

[1] https://www.dmtf.org/sites/default/files/standards/documents/DSP0286_1.0.0.pdf
[2] DMTF/libspdm#2827
[3] westerndigitalcorporation/spdm-utils#139

Wilfred Mallawa (4):
  spdm-socket: add seperate send/recv functions
  spdm: add spdm storage transport virtual header
  hw/nvme: add NVMe Admin Security SPDM support
  hw/nvme: connect SPDM over NVMe Security Send/Recv

 backends/spdm-socket.c       |  27 +++-
 docs/specs/spdm.rst          |  10 +-
 hw/nvme/ctrl.c               | 264 +++++++++++++++++++++++++++++++++--
 hw/nvme/nvme.h               |   5 +
 include/block/nvme.h         |  15 ++
 include/hw/pci/pci_device.h  |   1 +
 include/system/spdm-socket.h |  46 ++++++
 7 files changed, 351 insertions(+), 17 deletions(-)

--
2.51.0

Signed-off-by: GitHub Actions Bot <bot@github.com>
@twilfredo twilfredo force-pushed the wilfred/add-spdm-storage-upstream branch from 5be6539 to 5cb8f58 Compare October 16, 2025 22:58
@twilfredo

@alistair23 this patch has README instructions for tcmu-runner, should we remove those?

@twilfredo twilfredo force-pushed the wilfred/add-spdm-storage-upstream branch 2 times, most recently from c76c042 to ac4f260 Compare October 17, 2025 00:42
@alistair23

> Note: CI failure is for tock-responder seems unrelated to this

error[E0599]: no variant or associated item named `Storage` found for enum `TransportLayer` in the current scope
   --> /home/runner/work/spdm-utils/spdm-utils/src/libspdm/spdm.rs:511:25
    |
286 | pub enum TransportLayer {
    | ----------------------- variant or associated item `Storage` not found for this enum
...
511 |         TransportLayer::Storage => {
    |                         ^^^^^^^ variant or associated item not found in `TransportLayer`

Seems very related

@alistair23

> @alistair23 this patch has README instructions for tcmu-runner, should we remove those?

Yeah, I think so. Also if possible it might be worth splitting the NVMe and SCSI parts out. It'll help make the PR smaller

twilfredo commented Oct 17, 2025

> > Note: CI failure is for tock-responder seems unrelated to this
>
> error[E0599]: no variant or associated item named `Storage` found for enum `TransportLayer` in the current scope
>    --> /home/runner/work/spdm-utils/spdm-utils/src/libspdm/spdm.rs:511:25
>     |
> 286 | pub enum TransportLayer {
>     | ----------------------- variant or associated item `Storage` not found for this enum
> ...
> 511 |         TransportLayer::Storage => {
>     |                         ^^^^^^^ variant or associated item not found in `TransportLayer`
>
> Seems very related

Yeah! I deleted that comment after I fixed it.. you got to it before haha my bad

@twilfredo twilfredo force-pushed the wilfred/add-spdm-storage-upstream branch from 530be5b to 74cbd9b Compare October 20, 2025 02:13
@twilfredo

This PR now only adds the userspace side for NVMe only. SCSI and QEMU server to follow.

@twilfredo twilfredo force-pushed the wilfred/add-spdm-storage-upstream branch 2 times, most recently from e3f8389 to 8677d4b Compare October 20, 2025 02:19
@twilfredo twilfredo changed the title [RFC] transport: spdm-storage: add support transport: spdm-storage: add support Oct 20, 2025
@twilfredo twilfredo requested a review from alistair23 October 20, 2025 02:57
@twilfredo twilfredo force-pushed the wilfred/add-spdm-storage-upstream branch 2 times, most recently from acc7fe8 to 0898860 Compare October 23, 2025 02:19
@twilfredo twilfredo force-pushed the wilfred/add-spdm-storage-upstream branch from 0898860 to 9dad4f7 Compare October 23, 2025 04:26
@twilfredo twilfredo requested a review from alistair23 October 23, 2025 04:26
@twilfredo

@alistair23 ping

@twilfredo

@alistair23 ping

@twilfredo

ping @alistair23 :)

@twilfredo twilfredo force-pushed the wilfred/add-spdm-storage-upstream branch 3 times, most recently from 76f4fb0 to 87d3e6b Compare February 5, 2026 05:13
};

let mut transport_message_len = message_size;
let mut transport_message = ptr::null_mut();
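
Review bot: `transport_message` starts as `ptr::null_mut()` while `transport_message_len` is set to `message_size`, and nothing at these two lines says the pointer is an out-parameter. A short comment here stating that libspdm fills in the pointer and only reads the length would answer that for the next reader. It is also worth confirming that `message_size` here already includes room for the storage transport header, since the libspdm check quoted in this thread returns `LIBSPDM_STATUS_BUFFER_TOO_SMALL` when the length is smaller than the message size plus the header.
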
Collaborator

Why is this NULL? Especially when the size isn't 0

@twilfredo twilfredo Feb 12, 2026

libspdm sets the `transport_message` by walking back the number of transport header bytes from `message`. But before doing that it needs to assert the length (so that we don't walk back into invalid memory). So `transport_message_len` cannot be zero currently. See below (`transport_message_len` is `transport_message_size` in libspdm).

    if (*transport_message_size < message_size + sizeof(libspdm_storage_transport_virtual_header_t)) {
        *transport_message_size = message_size + sizeof(libspdm_storage_transport_virtual_header_t);
        return LIBSPDM_STATUS_BUFFER_TOO_SMALL;
    }

This function `libspdm_transport_storage_encode_message` exists to extract the storage header that is added to the message so the integrator can set up the storage API calls to the device. This is a bit clunky, so we could look at improving this API later.
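
A simplified C model of the pattern described in the reply above, added here as an illustration; it is not libspdm or spdm-utils code, and the `demo_*` names and the header layout are assumptions. It shows why the transport pointer can be NULL on entry and why the declared length must cover the message plus the header.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical stand-in for libspdm_storage_transport_virtual_header_t;
 * this field layout is an assumption made for the example. */
typedef struct {
    uint16_t protocol_specific;
    uint32_t length;
} demo_virtual_header_t;

enum { DEMO_OK = 0, DEMO_BUFFER_TOO_SMALL = 1, DEMO_BAD_POINTER = 2 };

/* The transport pointer is an output: it is derived by stepping back from
 * `message`, and only after the caller-declared capacity passes the check. */
int demo_encode(uint8_t *message, size_t message_size,
                uint8_t **transport_message, size_t *transport_message_size)
{
    const size_t need = message_size + sizeof(demo_virtual_header_t);
    demo_virtual_header_t hdr = { 0, (uint32_t)message_size };

    if (*transport_message_size < need) {
        *transport_message_size = need;      /* report the size required */
        return DEMO_BUFFER_TOO_SMALL;        /* pointer left untouched */
    }
    *transport_message = message - sizeof(hdr);  /* walk back into headroom */
    memcpy(*transport_message, &hdr, sizeof(hdr));
    *transport_message_size = need;
    return DEMO_OK;
}

/* Caller side: the buffer reserves header-sized headroom in front of the
 * message. The callee cannot see that headroom; it trusts the declared size. */
int demo_caller(size_t declared_capacity, size_t *reported)
{
    uint8_t buf[sizeof(demo_virtual_header_t) + 16];
    uint8_t *message = buf + sizeof(demo_virtual_header_t);
    uint8_t *transport = NULL;               /* NULL on entry, as in the PR */
    size_t len = declared_capacity;
    int rc;
    memset(message, 0xAB, 16);               /* constructed payload */
    rc = demo_encode(message, 16, &transport, &len);
    *reported = len;
    if (rc != DEMO_OK)
        return transport == NULL ? rc : DEMO_BAD_POINTER;
    return transport == buf ? DEMO_OK : DEMO_BAD_POINTER;
}

int main(void) { size_t n; return demo_caller(sizeof(demo_virtual_header_t) + 16, &n); }
```

In this model the length check is a contract rather than a proof: the callee cannot verify that header-sized headroom really exists in front of `message`, so the caller has to lay out the buffer to match the size it declares.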

NVMe userspace API required page aligned allocated buffers, ensure we
have support for this.

Signed-off-by: Wilfred Mallawa <wilfred.mallawa@wdc.com>
Signed-off-by: Wilfred Mallawa <wilfred.mallawa@wdc.com>
Using the DSP0286, this patch adds support for communicating with an
NVMe device with the NVME admin SECURITY SEND/RECEIVE commands for SPDM.
`libnvme` is used to interact with the device specified.

Signed-off-by: Wilfred Mallawa <wilfred.mallawa@wdc.com>
@twilfredo twilfredo force-pushed the wilfred/add-spdm-storage-upstream branch from 87d3e6b to 7a03a58 Compare February 12, 2026 23:34
@twilfredo twilfredo requested a review from alistair23 February 12, 2026 23:35