Hi Mimi,

I've posted patches which I hope will be accepted to implement ML-DSA module
signing:

https://lore.kernel.org/linux-crypto/[email protected]/T/#t

but for the moment, it will give an error to pkcs7_get_digest() if there's no
digest available (which there won't be with ML-DSA).  This means that there
isn't a hash for IMA to get at for TPM measurement.

Now, I probably have to make a SHA256 hash anyway for UEFI blacklisting
purposes, so that could be used.  Alternatively, we can require the use of
authenticatedAttributes/signedAttrs and give you the hash of that - but then
you're a bit at the mercy of whatever hashes were used.

Further, we need to think how we're going to do PQC support in IMA -
particularly as the signatures are so much bigger and verification slower.

Would ML-DSA-44 be acceptable?  Should we grab some internal state out of
ML-DSA to use in lieu of a hash?

David

