Proposal: Adopting FIPS 204 (ML-DSA) Post-Quantum Encryption Standards in BMC Tar Image

Jishnu Nambiar jishnunambiarcm at gmail.com
Fri Feb 21 00:10:09 AEDT 2025 

Hello Community,

I'm proposing an update to the BMC tar image to adopt the FIPS 204 (ML-DSA)
Post-Quantum Encryption Standards, finalized by NIST
<https://www.nist.gov/news-events/news/2024/08/nist-releases-first-3-finalized-post-quantum-encryption-standards>
in August 2024. This update will enhance the security and integrity of the
image by incorporating a post-quantum resistant signing method using
ML-DSA, in addition to the existing RSA signing method. The proposed design
includes the following aspects:

   - Generating a new set of private and public key pairs for ML-DSA
   - Updating the directory structure to include MLDSA signature files,
   with a proposed structure as follows:
      - image-rofs.sig
      - image-kernel.sig
      - MANIFEST.sig
      - publickey
      - MLDSA/
         - public_key_MLDSA
         - image-bmc_MLDSA.sig
         - image-hostfw_MLDSA.sig
         - image-kernel_MLDSA.sig
         - image-rofs_MLDSA.sig
         - image-rwfs_MLDSA.sig
         - image-u-boot_MLDSA.sig
         - MANIFEST_MLDSA.sig
      - Modifying the image generation process to support the new signing
   method, including updates to generate and include MLDSA signature files in
   the tar archive
   - Updating the manifest to include MLDSA-related information
   - Ensuring backward compatibility with existing RSA signing methods to
   allow for a smooth transition to the new ML-DSA signing method. The code
   update will perform ML-DSA verification only if a valid ML-DSA key is found
   on the BMC flash; otherwise, it will skip this check and only perform RSA
   verification. Additionally, if an ML-DSA key is present on the BMC flash,
   an ML-DSA signature is expected to be present in the incoming image; if
   not, the image will be rejected to prevent reverting to RSA-only
   verification by removing ML-DSA signatures from newer images.
   - Modifying the signature verification process to support both RSA and
   ML-DSA signature validation.

Please share any feedback or suggestions you may have.

Thanks & Regards,
Jishnu.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ozlabs.org/pipermail/openbmc/attachments/20250220/73d7765c/attachment.htm>

More information about the openbmc mailing list