Uploaded image for project: 'RHEL'
  1. RHEL
  2. RHEL-112697

allow PQ algorithms in all rpm-sequoia crypto-policies (RHEL-9)

Linking RHIVOS CVEs to...Migration: Automation ...SWIFT: POC ConversionSync from "Extern...XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Unresolved
    • Icon: Major Major
    • rhel-9.7
    • rhel-9.7
    • crypto-policies
    • crypto-policies-20250905-1.git377cc42.el9_7
    • No
    • Moderate
    • 1
    • rhel-security-crypto-spades
    • 30
    • None
    • False
    • False
    • Hide

      None

      Show
      None
    • Yes
    • Crypto25September
    • Approved Exception
    • Hide

      AC) MLKEM/MLDSA algorithms are allowed in all rpm-sequoia policies

      Show
      AC) MLKEM/MLDSA algorithms are allowed in all rpm-sequoia policies
    • Requested
    • Enabled
    • Automated
    • Known Issue
    • (please refer to and keep in sync with https://issues.redhat.com/browse/RHEL-112392)
    • Proposed
    • Unspecified
    • Unspecified
    • Unspecified
    • None

      With current behaviour of RHEL-9.7 pqrpm, verification of dual-signed RPM packages fails if some of the algorithms is disabled in crypto-policies.

      To prevent breaking the system, we need to enable PQ algorithms in all rpm-sequoia crypto policies before the proper fix is introduced (see the epic for high level plan).

              asosedki@redhat.com Alexander Sosedkin
              szidek@redhat.com Stanislav Zidek
              Alexander Sosedkin Alexander Sosedkin
              Ondrej Moris Ondrej Moris
              Mirek Jahoda Mirek Jahoda
              Votes:
              0 Vote for this issue
              Watchers:
              7 Start watching this issue

                Created:
                Updated: