Solidigm™ SSDs (starting with the D7-PS1xxx series and beyond) will feature the Device Attestation capability, which enables customers to verify cryptographically that the SSD is an authentic Solidigm product and running the expected firmware and configuration.
Attestation data can be obtained from the SSD using the commands specified in the DMTF Security Protocol and Data Model (SPDM) Specification. Please refer to this specification in order to execute the protocol necessary to obtain Attestation data.
Once the attestation data is obtained from the SSD, it is critical to verify the data against Solidigm Verified Attestation Data, typically referred to as Reference Integrity Manifests (RIMs). Solidigm Verified Attestation data has been verified by Solidigm as accurate and has been digitally signed in order to maintain integrity and preserve its authenticity.
Once the attestation data from the SSD and the Solidigm Verified Attestation data have been obtained, the requesting entity (e.g., host software, BMC, etc.) can compare these two datasets to see if they match. Additionally, the requestor will be able to verify the digital signature of the attestation data from the SSD to ensure it has been digitally signed by Solidigm.
If the attestation datasets match, and the digital signature is proven to be from Solidigm, the requestor can confirm that the SSD is a genuine Solidigm SSD that is configured as expected. If any of these verification steps fail, the requestor may choose to take remediation actions and/or prevent the SSD from booting. If this occurs, the requestor may need to contact Solidigm Customer Support for assistance.
The figure below is a high-level depiction of the above process: