Processors
Intel® Processors, Tools, and Utilities
16109 Discussions

BootGuard support for Post Quantum Algorithms

Dandiest_Fish
Beginner
1,394 Views

The NSA has announced that RSA and other assymetric algorithms are being deprecated and that by 2025 the new, post-quantum algorithms will be preferred for validating digital signatures of firmware. 

What is the timeline and how does Intel's roadmap look like as far as implementing the new CNSA 2.0 algorithms -- LMS, XMSS,  into BootGuard?

0 Kudos
3 Replies
Steven_Intel
Moderator
1,372 Views

Hello Dandiest_Fish,


Thank you for posting on the Intel® communities.


I will research about your question and as soon as I have an update, I will get back to you.


Best regards,


Steven G.

Intel Customer Support Technician.



0 Kudos
Steven_Intel
Moderator
1,346 Views

Hello Dandiest_Fish


For information about new outcomes, you can visit Intel Newsroom (https://www.intel.com/content/www/us/en/newsroom/categories.html). You may also check: The Journey to Building a True Quantum Computer Quantum practicality is on the way, but still has a long way to go (https://www.intel.com/content/www/us/en/newsroom/opinion/journey-building-true-quantum-computer.html#gs.q47awl).


Feel free to check information, resources to developer programs, development tools, and public, and Intel Confidential documentation in the developer zone (https://www.intel.com/content/www/us/en/support/articles/000058073/programs/resource-and-documentation-center.html).


If you need any additional information, please submit a new question, as this thread will no longer be monitored.  


Best regards,


Steven G.

Intel Customer Support Technician.


0 Kudos
Dandiest_Fish
Beginner
1,327 Views

thank you for the reply. However it leaves the question unanswered. The DoD requires CNSA 2.0 algorithms for firmware verification by 2030. Boot Guard is used to verify firmware signatures. therefore, Boot Guard needs to use CNSA 2.0 asymmetric algorithms if it is to be used in DoD systems. 

 

My question is, is Intel aware of this and if so, what is the plan for updating Boot Guard to support these newer digital signature algorithms?

 

 

0 Kudos
Reply