Proposal: Adopting FIPS 204 (ML-DSA) Post-Quantum Encryption Standards in BMC Tar Image
Adriana Kobylak
anoo at linux.ibm.com
Tue Feb 25 07:59:35 AEDT 2025
OpenBMC currently uses the SHA256 hash algorithm. For the ML-DSA signing method, it seems we'll need to increase the hash and use SHA3-512.
Currently the MANIFEST specifies the hash type to be used via the `HashType` field:
HashType=RSA-SHA256
Since parsing the MANIFEST file in the phosphor-bmc-code-mgmt repo supports multiple duplicated entries, we could add a second `HashType` entry to the MANIFEST that would tie the subdirectory or signature names to the hash type that needs to be used, for example:
HashType=SHA3-512,MLDSA
> On Feb 20, 2025, at 7:10 AM, Jishnu Nambiar <jishnunambiarcm at gmail.com> wrote:
>
> Hello Community,
>
> I'm proposing an update to the BMC tar image to adopt the FIPS 204 (ML-DSA) Post-Quantum Encryption Standards, finalized by NIST <https://www.nist.gov/news-events/news/2024/08/nist-releases-first-3-finalized-post-quantum-encryption-standards> in August 2024. This update will enhance the security and integrity of the image by incorporating a post-quantum resistant signing method using ML-DSA, in addition to the existing RSA signing method. The proposed design includes the following aspects:
>
> * Generating a new set of private and public key pairs for ML-DSA
> * Updating the directory structure to include MLDSA signature files, with a proposed structure as follows:
>
>       image-rofs.sig
>       image-kernel.sig
>       MANIFEST.sig
>       publickey
>       MLDSA/
>           public_key_MLDSA
>           image-bmc_MLDSA.sig
>           image-hostfw_MLDSA.sig
>           image-kernel_MLDSA.sig
>           image-rofs_MLDSA.sig
>           image-rwfs_MLDSA.sig
>           image-u-boot_MLDSA.sig
>           MANIFEST_MLDSA.sig
>
> * Modifying the image generation process to support the new signing method, including updates to generate and include MLDSA signature files in the tar archive
> * Updating the manifest to include MLDSA-related information
> * Ensuring backward compatibility with existing RSA signing methods to allow for a smooth transition to the new ML-DSA signing method. The code update will perform ML-DSA verification only if a valid ML-DSA key is found on the BMC flash; otherwise, it will skip this check and only perform RSA verification. Additionally, if an ML-DSA key is present on the BMC flash, an ML-DSA signature is expected to be present in the incoming image; if not, the image will be rejected to prevent reverting to RSA-only verification by removing ML-DSA signatures from newer images.
> * Modifying the signature verification process to support both RSA and ML-DSA signature validation.
> Please share any feedback or suggestions you may have.
>
> Thanks & Regards,
> Jishnu.
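
The duplicated `HashType` entries from the reply and the downgrade rule from the proposal, combined in one sketch. This is an added example, not code from phosphor-bmc-code-mgmt or from either author. The names `HashEntry`, `parseHashTypes`, `decide` and `Verdict` are hypothetical, and two points are assumptions: that the text after the comma is the subdirectory/signature tag, and that the MANIFEST must also declare the `MLDSA` entry before ML-DSA verification proceeds.

```cpp
#include <iostream>
#include <sstream>
#include <string>
#include <vector>

// One HashType line. "tag" is empty for the legacy form (HashType=RSA-SHA256)
// and holds the subdirectory/signature tag for the proposed form
// (HashType=SHA3-512,MLDSA). Reading the value this way is an assumption.
struct HashEntry { std::string hash; std::string tag; };

// Collect every HashType entry, keeping duplicates in file order.
std::vector<HashEntry> parseHashTypes(const std::string& manifest) {
    std::vector<HashEntry> out;
    std::istringstream in(manifest);
    const std::string key = "HashType=";
    for (std::string line; std::getline(in, line);) {
        if (!line.empty() && line.back() == '\r') line.pop_back();
        if (line.compare(0, key.size(), key) != 0) continue;
        const std::string value = line.substr(key.size());
        const auto comma = value.find(',');
        if (comma == std::string::npos) out.push_back({value, ""});
        else out.push_back({value.substr(0, comma), value.substr(comma + 1)});
    }
    return out;
}

enum class Verdict { RsaOnly, RsaAndMldsa, Reject };

// Proposal's rule: ML-DSA is enforced only when an ML-DSA key is on the BMC
// flash; once it is, an image without ML-DSA signatures is rejected, so
// stripping them cannot downgrade the check to RSA only. Also requiring the
// MANIFEST to declare the MLDSA entry is an assumption of this sketch.
Verdict decide(const std::vector<HashEntry>& entries, bool mldsaKeyOnFlash,
               bool imageHasMldsaSigs) {
    if (!mldsaKeyOnFlash) return Verdict::RsaOnly;
    bool declared = false;
    for (const auto& e : entries) declared = declared || e.tag == "MLDSA";
    return (declared && imageHasMldsaSigs) ? Verdict::RsaAndMldsa
                                           : Verdict::Reject;
}

// Constructed sample MANIFEST; only the two HashType lines come from the thread.
const char* kSampleManifest =
    "purpose=constructed.example\nHashType=RSA-SHA256\nHashType=SHA3-512,MLDSA\n";

int main() {
    const auto entries = parseHashTypes(kSampleManifest);
    // Key on flash but signatures stripped from the image: must be rejected.
    const bool rejected = decide(entries, true, false) == Verdict::Reject;
    std::cout << (rejected ? "rejected\n" : "accepted\n");
    return 0;
}
```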