OCP Power Supply - SPDM Solution Demonstration Application

Key Features

The Open Compute Project (OCP) recommends adoption of Modular Hardware Common Redundant Power Supply (M-CRPS) specification for server power supplies. An objective of this specification is to improve the security of the datacenter power supply to protect it from spoofing and tampering attacks by requiring firmware attestation, and device authentication mechanisms using cryptographic algorithms such as asymmetric public/private key pairs and hashes.

To meet this objective, the specification requires using the Security Protocol and Data Model (SPDM) over PMBus between the power supply and the Base Management Control (BMC). The SPDM protocol enables the BMC to perform firmware attestation and device authentication on the power supply. Further, the application can utilize SPDM protocol to add features like secure remote monitoring secure firmware upgrade and more security use cases,

This reference design uses the dsPIC33C MPT Secure DSC or dsPIC33C DSC and TA100 Security IC to create a secure solution with digital power capabilities satisfying the security requirement of the OCP compliant power supply implementing SPDM protocol. A dsPIC33C OCP - SPDM library is provided to simplify adding SPDM protocol support into your server power supply.

dsPIC33C DSC and TA100 with OCP - SPDM library supports:

• dsPIC33CK-MPT608 DSC or dsPIC33C DSC and TA100 Security IC
• Code Protection and Immutable Secure Boot
  
• SPDM v 1.2 protocol support
  
• Firmware Attestation
  
• Device Authentication
  
  • ECDSA Sign/Verify using NIST P-384 algorithm
    
• Firmware Measurements using SHA-384 for Application firmware area, Configuration file area etc
  
• SPDM over PMBus Version 1.2 using I²C 50KHz to 400KHz Speed
  

 To learn more about the security features supported by dsPIC33C MPT Secure DSC or dsPIC33C DSC with TA100, visit “Embedded Security with dsPIC33 DSCs”.

Demo Description

This reference design emulates implementation of the SPDM protocol between a server and power supply (Responder) and a BMC (Requester). The 50W Interleaved LLC Converter Development Board (EV84C64A) and dsPIC33CK512MPT608 Digital Power PIM (EV08U25A) are used to emulate the server power supply. The USB to I²C interface connects the board to a PC, which serves to emulate the BMC.    

The MPLAB example project included in the reference design showcases the capabilities of the dsPIC33C-SPDM, CryptoAuthentication, and digital power libraries. With its real-time architecture, the dsPIC33C DSC can execute security libraries and control loop algorithms in parallel, without any CPU bandwidth limitations. The DSC also runs a high-performance digital power control loop algorithm at a frequency of KHz, utilizing an interleaved LLC topology while simultaneously handling the security stacks. Along with the MPLAB project a python script library is provide which runs from the command terminal of the PC. This script library has utilities to verify the SPDM protocol functioning and execute the OCP security profile as per the M-CRPS specification such as capability discovery and negotiation, responder authentication, firmware measurement, verify device binding.

The reference design uses the following hardware:

• 50W Interleaved LLC Converter Development Board (EV84C64A)
• dsPIC33512MPT608 Digital Power PIM (EV08U25A)
• EPC9151 300 W Bi-Directional 1/16TH Brick Power Module Reference Design (EPC9151)
• TA100 8-PIN SOIC CryptoAutomotive^TM Socket Board (AC164167)
  
• Total Phase Aardvark I2C/SPI Host Adapter (TTP100005)
  

Public Documents and Resources

1. Full Digital Power with the dsPIC^® DSCs
2. Embedded Security Solutions With dsPIC33 DSCs
3. dsPIC33C MPT Secure Digital Signal Controllers (DSCs)