LMS verification support

LMS verification support

[Mike Luken (mluken)]

[-- Attachment #1: Type: text/plain, Size: 403 bytes --]

NIST and NSA have both recommended the use of the LMS algorithm for firmware and software signatures and verification.  NSA stated vendors should have this supported in products in 2025.  What are the plans to add LMS support into the kernel for things like secure boot (I guess this is done via the SHIM which I don’t know if this is covered by kernel.org or not) , signed kernel modules and IMA?

[-- Attachment #2: smime.p7s --]
[-- Type: application/pkcs7-signature, Size: 5136 bytes --]

Re: LMS verification support

[Milan Broz]

On 12/2/22 16:06, Mike Luken (mluken) wrote:
> NIST and NSA have both recommended the use of the LMS algorithm for
> firmware and software signatures and verification.  NSA stated
> vendors should have this supported in products in 2025.  What are the
> plans to add LMS support into the kernel for things like secure boot
> (I guess this is done via the SHIM which I don’t know if this is
> covered by kernel.org or not) , signed kernel modules and IMA?
This is really not a question for this list, I guess you should write
to some kernel list (I guess kernel-integrity, archive here
https://lore.kernel.org/linux-integrity/ )

Milan