On 4/16/26 11:40 AM, Stefan Berger wrote: > Based on IMA sigv3 type of signatures, add support for ML-DSA signature > for EVM and IMA. Use the existing ML-DSA hashless signing mode (pure mode). > > Stefan > > v3: > - new patches 1/4 and 2/4 > - addressed Mimi's comments on v2 > > v2: > - Dropped 1/3 > - Using "none" as hash_algo in 2/2 > > Stefan Berger (4): > integrity: Check for NULL returned by asymmetric_key_public_key > integrity: Check that algo parameter is within valid range > integrity: Refactor asymmetric_verify for reusability > integrity: Add support for sigv3 verification using ML-DSA keys > > security/integrity/digsig_asymmetric.c | 152 +++++++++++++++++++++---- > 1 file changed, 131 insertions(+), 21 deletions(-) > > > base-commit: 82bbd447199ff1441031d2eaf9afe041550cf525 > -- > 2.53.0 >
Hi Stefan, I have tested this patch series on x86_64 and IMA signature v3 appraisal works correctly with ML-DSA keys and appraise_type=sigv3. Signature v3 works with appraise_type=imasig also and I think it is intentional for backward compatibility of ima policies. Tested-by: Kamlesh Kumar <[email protected]>
