From: Eric Biggers <ebiggers@kernel.org>
To: Stefan Berger <stefanb@linux.ibm.com>
Cc: "Coiby Xu" <coxu@redhat.com>,
"Johannes Wiesböck" <johannes.wiesboeck@aisec.fraunhofer.de>,
dhowells@redhat.com, dmitry.kasatkin@gmail.com,
eric.snowberg@oracle.com, keyrings@vger.kernel.org,
linux-crypto@vger.kernel.org, linux-integrity@vger.kernel.org,
linux-kernel@vger.kernel.org, linux-modules@vger.kernel.org,
roberto.sassu@huawei.com, simo@redhat.com, zohar@linux.ibm.com,
michael.weiss@aisec.fraunhofer.de
Subject: Re: IMA and PQC
Date: Wed, 25 Feb 2026 16:10:49 -0800 [thread overview]
Message-ID: <20260226001049.GA3135@quark> (raw)
In-Reply-To: <ee36981d-d658-4296-9acb-874c72606b3e@linux.ibm.com>
On Wed, Feb 25, 2026 at 09:25:43AM -0500, Stefan Berger wrote:
> To avoid duplicate work: Is either one of you planning on writing patches
> for IMA to use ML-DSA and convert the current ML-DSA to also support HashML?
> I had done the work on this before and could dig out the patches again...
IMA already had to add its own digest prefixing support, since it was
needed to disambiguate between full-file digests and fsverity digests.
See 'struct ima_file_id'. Thus the message signed is at most 66 bytes.
With that being the case, HashML-DSA isn't necessary. It's not even
possible to use here, since there are no OIDs assigned for the fsverity
digests, so it cannot replace the ima_file_id.
I'll also note that HashML-DSA is controversial (e.g. see
https://keymaterial.net/2024/11/05/hashml-dsa-considered-harmful/),
since it was added to the ML-DSA specification at a late stage without
sufficient review, and what it does can be achieved in better ways.
Which is exactly what we are seeing here, since again, IMA needs to do
the digest calculation and prefixing itself anyway.
- Eric
next prev parent reply other threads:[~2026-02-26 0:10 UTC|newest]
Thread overview: 21+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-01-23 17:43 IMA and PQC David Howells
2026-01-26 21:04 ` Mimi Zohar
2026-01-26 21:36 ` David Howells
2026-01-26 22:54 ` Mimi Zohar
2026-01-30 11:17 ` Coiby Xu
2026-01-30 14:10 ` David Howells
2026-02-03 13:43 ` Coiby Xu
2026-01-30 20:31 ` Johannes Wiesböck
2026-02-03 13:32 ` Coiby Xu
2026-02-25 14:25 ` Stefan Berger
2026-02-26 0:10 ` Eric Biggers [this message]
2026-02-26 12:42 ` Stefan Berger
2026-02-26 14:16 ` Stefan Berger
2026-02-26 15:27 ` Simo Sorce
2026-02-26 16:58 ` Eric Biggers
2026-02-26 17:22 ` Stefan Berger
2026-02-26 18:32 ` Eric Biggers
2026-02-26 19:21 ` Stefan Berger
2026-02-26 19:44 ` Eric Biggers
2026-02-26 21:05 ` Stefan Berger
2026-02-26 18:42 ` Simo Sorce
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260226001049.GA3135@quark \
--to=ebiggers@kernel.org \
--cc=coxu@redhat.com \
--cc=dhowells@redhat.com \
--cc=dmitry.kasatkin@gmail.com \
--cc=eric.snowberg@oracle.com \
--cc=johannes.wiesboeck@aisec.fraunhofer.de \
--cc=keyrings@vger.kernel.org \
--cc=linux-crypto@vger.kernel.org \
--cc=linux-integrity@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-modules@vger.kernel.org \
--cc=michael.weiss@aisec.fraunhofer.de \
--cc=roberto.sassu@huawei.com \
--cc=simo@redhat.com \
--cc=stefanb@linux.ibm.com \
--cc=zohar@linux.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox