Efforts to secure computing systems via software traditionally focus on the operating system and application levels. In contrast, the Security Protocol and Data Model (SPDM) tackles firmware-level security challenges, which are much harder (if at all possible) to detect with regular protection software. SPDM's key features include peripheral authentication, authenticated retrieval of hardware measurements, and secure session establishment. Since SPDM is a relatively recent proposal, there is a lack of studies evaluating its performance impact on real-world applications. In this article, we address this gap by: (1) implementing the protocol on a simple virtual device, and then investigating the overhead introduced by each SPDM message; and (2) creating an SPDM-capable virtual hard drive based on VirtIO, and comparing the resulting read/write performance with a regular, unsecured implementation. Our results suggest that SPDM bootstrap time is on the order of tens of milliseconds, while the toll of introducing SPDM on hard drive communication depends heavily on specific workload patterns. For example, for mixed random read/write operations, the slowdown is negligible in comparison to the baseline unsecured setup. Conversely, for sequential read or write operations, the data encryption process becomes the bottleneck, reducing the performance indicators by several orders of magnitude.