Uploaded image for project: 'RHEL'
  1. RHEL
  2. RHEL-131255

[pesign] Update pesign for ML-DSA, SHA384, and composite signatures

Linking RHIVOS CVEs to...Migration: Automation ...SWIFT: POC ConversionSync from "Extern...XMLWordPrintable

    • Icon: Epic Epic
    • Resolution: Unresolved
    • Icon: Undefined Undefined
    • rhel-10.3
    • None
    • pesign
    • Update pesign for ML-DSA, SHA384, and composite signatures
    • None
    • rhel-bootloader
    • None
    • False
    • False
    • Hide

      None

      Show
      None
    • None
    • None
    • None
    • None
    • Unspecified
    • Unspecified
    • Unspecified
    • None

      Description

      pesign depends on nss for its crypto libraries. Once nss is ready, pesign needs to be updated to understand and use ML-DSA and SHA384. It needs to be possible to:

      • create ML-DSA key / cert pairs
      • sign binaries with ML-DSA keys
      • check ML-DSA signatures on binaries

      What SSTs and Layered Product teams should review this?

              bootloader-eng-team bootloader -eng-team
              oksenzov@redhat.com Olga Ksenzova
              bootloader -eng-team bootloader -eng-team
              bootloader -eng-team bootloader -eng-team
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

                Created:
                Updated: