| Message ID | 20260422044736.24717-1-hpa@redhat.com |
|---|---|
| Headers | show |
| Series |
|
| Related | show |
Hi Kate, Could you check through the CI report please? It seems to have failed on this series: https://gitlab.freedesktop.org/camera/libcamera/-/pipelines/1656212 -- Kieran Quoting Kate Hsuan (2026-04-22 05:47:32) > This patchset integrates the ML-DSA-65 [1] signature algorithm to ensure > Post-Quantum Cryptography (PQC) compliance. Following NIST's finalization > of PQC standards [2], ML-DSA has been established as the primary > quantum-resistant signature standard. As quantum computing advances, legacy > algorithms like RSA are becoming increasingly vulnerable and are slated > for replacement by 2035 [3]. By adopting ML-DSA for IPA library signing, > this work secures the long-term integrity of the IPA library and aligns > libcamera with the latest NIST security frameworks. > > [1] https://csrc.nist.gov/pubs/fips/204/final > [2] https://csrc.nist.gov/projects/post-quantum-cryptography/post-quantum-cryptography-standardization/evaluation-criteria/security-(evaluation-criteria)] > [3] https://nvlpubs.nist.gov/nistpubs/ir/2024/NIST.IR.8547.ipd.pdf > > Changes in v2: > - Change the meson option name from "fips" to "isp-signature-algo". > - Drop the debug print in the pub_key.cpp. > - One line command "openssl pkeyutl" is used to sign the IPA library. > > Kate Hsuan (4): > libcamera: pub_key: Add ML-DSA-65 signature algorithm for PQC > compliance > utils: codegen: gen-ipa-pub-key: replace openssl rsa with openssl pkey > ipa: ipa-sign: Sign IPA according to the signature algorithm of the > key > meson: Add ipa-signature-algo option > > meson_options.txt | 8 +++++ > src/ipa/ipa-sign.sh | 2 +- > src/libcamera/meson.build | 6 ++++ > src/libcamera/pub_key.cpp | 53 ++++++++++++++++++++++++++++++-- > src/meson.build | 14 +++++++-- > utils/codegen/gen-ipa-pub-key.py | 2 +- > utils/gen-ipa-priv-key.sh | 16 ++++++++-- > 7 files changed, 91 insertions(+), 10 deletions(-) > > -- > 2.53.0 >
Hi Kieran, On Thu, Apr 30, 2026 at 12:42 AM Kieran Bingham <kieran.bingham@ideasonboard.com> wrote: > > Hi Kate, > > Could you check through the CI report please? It seems to have failed on > this series: > > https://gitlab.freedesktop.org/camera/libcamera/-/pipelines/1656212 This may be caused by the incorrect bash if statement. I'll fix it in v3 patch. BTW, May I find the results of different OS, such as Fedora? Thank you :) > > -- > Kieran > > Quoting Kate Hsuan (2026-04-22 05:47:32) > > This patchset integrates the ML-DSA-65 [1] signature algorithm to ensure > > Post-Quantum Cryptography (PQC) compliance. Following NIST's finalization > > of PQC standards [2], ML-DSA has been established as the primary > > quantum-resistant signature standard. As quantum computing advances, legacy > > algorithms like RSA are becoming increasingly vulnerable and are slated > > for replacement by 2035 [3]. By adopting ML-DSA for IPA library signing, > > this work secures the long-term integrity of the IPA library and aligns > > libcamera with the latest NIST security frameworks. > > > > [1] https://csrc.nist.gov/pubs/fips/204/final > > [2] https://csrc.nist.gov/projects/post-quantum-cryptography/post-quantum-cryptography-standardization/evaluation-criteria/security-(evaluation-criteria)] > > [3] https://nvlpubs.nist.gov/nistpubs/ir/2024/NIST.IR.8547.ipd.pdf > > > > Changes in v2: > > - Change the meson option name from "fips" to "isp-signature-algo". > > - Drop the debug print in the pub_key.cpp. > > - One line command "openssl pkeyutl" is used to sign the IPA library. > > > > Kate Hsuan (4): > > libcamera: pub_key: Add ML-DSA-65 signature algorithm for PQC > > compliance > > utils: codegen: gen-ipa-pub-key: replace openssl rsa with openssl pkey > > ipa: ipa-sign: Sign IPA according to the signature algorithm of the > > key > > meson: Add ipa-signature-algo option > > > > meson_options.txt | 8 +++++ > > src/ipa/ipa-sign.sh | 2 +- > > src/libcamera/meson.build | 6 ++++ > > src/libcamera/pub_key.cpp | 53 ++++++++++++++++++++++++++++++-- > > src/meson.build | 14 +++++++-- > > utils/codegen/gen-ipa-pub-key.py | 2 +- > > utils/gen-ipa-priv-key.sh | 16 ++++++++-- > > 7 files changed, 91 insertions(+), 10 deletions(-) > > > > -- > > 2.53.0 > > >
Quoting Kate Hsuan (2026-05-04 06:18:34) > Hi Kieran, > > On Thu, Apr 30, 2026 at 12:42 AM Kieran Bingham > <kieran.bingham@ideasonboard.com> wrote: > > > > Hi Kate, > > > > Could you check through the CI report please? It seems to have failed on > > this series: > > > > https://gitlab.freedesktop.org/camera/libcamera/-/pipelines/1656212 > > This may be caused by the incorrect bash if statement. I'll fix it in v3 patch. > BTW, May I find the results of different OS, such as Fedora? I'm afraid I think all of our CI is debian based. -- Kieran
This patchset integrates the ML-DSA-65 [1] signature algorithm to ensure Post-Quantum Cryptography (PQC) compliance. Following NIST's finalization of PQC standards [2], ML-DSA has been established as the primary quantum-resistant signature standard. As quantum computing advances, legacy algorithms like RSA are becoming increasingly vulnerable and are slated for replacement by 2035 [3]. By adopting ML-DSA for IPA library signing, this work secures the long-term integrity of the IPA library and aligns libcamera with the latest NIST security frameworks. [1] https://csrc.nist.gov/pubs/fips/204/final [2] https://csrc.nist.gov/projects/post-quantum-cryptography/post-quantum-cryptography-standardization/evaluation-criteria/security-(evaluation-criteria)] [3] https://nvlpubs.nist.gov/nistpubs/ir/2024/NIST.IR.8547.ipd.pdf Changes in v2: - Change the meson option name from "fips" to "isp-signature-algo". - Drop the debug print in the pub_key.cpp. - One line command "openssl pkeyutl" is used to sign the IPA library. Kate Hsuan (4): libcamera: pub_key: Add ML-DSA-65 signature algorithm for PQC compliance utils: codegen: gen-ipa-pub-key: replace openssl rsa with openssl pkey ipa: ipa-sign: Sign IPA according to the signature algorithm of the key meson: Add ipa-signature-algo option meson_options.txt | 8 +++++ src/ipa/ipa-sign.sh | 2 +- src/libcamera/meson.build | 6 ++++ src/libcamera/pub_key.cpp | 53 ++++++++++++++++++++++++++++++-- src/meson.build | 14 +++++++-- utils/codegen/gen-ipa-pub-key.py | 2 +- utils/gen-ipa-priv-key.sh | 16 ++++++++-- 7 files changed, 91 insertions(+), 10 deletions(-)