linux-integrity · mimizohar · May 5, 2026 · Apr 19, 2026 · Mar 24, 2026 · Apr 17, 2026
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -31,7 +31,7 @@ jobs:
         if [ "$count" -eq 0 ]; then
           exit 0
         fi
-        scripts/checkpatch.pl patches/*  --strict --terse  --no-tree --ignore CONST_STRUCT,VOLATILE,SPLIT_STRING,FILE_PATH_CHANGES,EXECUTE_PERMISSIONS,UNKNOWN_COMMIT_ID,BAD_SIGN_OFF,PREFER_DEFINED_ATTRIBUTE_MACRO,PREFER_KERNEL_TYPES
+        scripts/checkpatch.pl patches/*  --strict --terse  --no-tree --ignore CONST_STRUCT,VOLATILE,SPLIT_STRING,FILE_PATH_CHANGES,EXECUTE_PERMISSIONS,UNKNOWN_COMMIT_ID,BAD_SIGN_OFF,PREFER_DEFINED_ATTRIBUTE_MACRO,PREFER_KERNEL_TYPES,EMBEDDED_FUNCTION_NAME
 
   build:
     needs: review

diff --git a/README b/README
@@ -153,7 +153,8 @@ in the kernel (since kernel 3.9). CONFIG_INTEGRITY_ASYMMETRIC_KEYS must be enabl
 
 For v2 and v3 signatures x509 certificate (containing the public key) could be appended to the
 private key (they both are in PEM format) to automatically extract keyid from its Subject
-Key Identifier (SKID).
+Key Identifier (SKID). v3 signatures can be created with the --v3 option. This signature format
+is required for signing with ML-DSA keys.
 
 Integrity keyrings
 ----------------

diff --git a/examples/functions b/examples/functions
@@ -2,7 +2,7 @@
 # SPDX-License-Identifier: GPL-2.0-or-later
 
 # For help screens to display supported algorithms
-SUPPORTED_ALGORITHMS="rsa:2048, rsa:3072, rsa:4096, prime256v1, secp384r1, and secp521r1"
+SUPPORTED_ALGORITHMS="rsa:2048, rsa:3072, rsa:4096, prime256v1, secp384r1, secp521r1, mldsa44, mldsa65, and mldsa87"
 
 # Get the OpenSSL keyalgo parameter
 # @param1: The key algorithm; must be a name that OpenSSL command line tool
@@ -16,6 +16,15 @@ get_ossl_keyalgo()
 	prime256v1|secp384r1|secp521r1)
 		echo "ec"
 		;;
+	mldsa44|mldsa65|mldsa87)
+		# ML-DSA requires OpenSSL 3.5.0 or later
+		maj=$(openssl version | awk '{print $2}' | cut -d. -f1)
+		min=$(openssl version | awk '{print $2}' | cut -d. -f2)
+		if [ "${maj}" -lt 3 ] || { [ "${maj}" -eq 3 ] && [ "${min}" -lt 5 ]; }; then
+			echo "The openssl tool is too old (v${maj}.${min}) to support ML-DSA. Need at least v3.5.0." >&2
+			return 1
+		fi
+		echo "$1"
 	esac
 }
 
@@ -31,6 +40,9 @@ get_ossl_keyalgo_detail()
 	prime256v1|secp384r1|secp521r1)
 		echo "-pkeyopt ec_paramgen_curve:${keyalgo}"
 		;;
+	mldsa44|mldsa65|mldsa87)
+		echo ""
+		;;
 	esac
 }
 
@@ -173,6 +185,9 @@ __EOF__
 	primve256v1|secp384r1|secp521r1)
 		openssl ec -pubout -in privkey_evm.pem -out pubkey_evm.pem
 		;;
+	mldsa44|mldsa65|mldsa87)
+		openssl pkey -pubout -in privkey_evm.pem -out pubkey_evm.pem
+		;;
 	esac
 
 	return $?

diff --git a/src/evmctl.c b/src/evmctl.c
@@ -347,7 +347,7 @@ static int calc_evm_hash(const char *file, const char *hash_algo,
 	EVP_MD_CTX *pctx;
 	unsigned int mdlen;
 	char **xattrname;
-	char xattr_value[1024];
+	char xattr_value[MAX_SIGNATURE_SIZE];
 	char list[1024];
 	ssize_t list_size;
 	char uuid[16];
@@ -617,6 +617,10 @@ static int sign_evm(const char *file, char *hash_algo, const char *key)
 		if (err < 0) {
 			log_errno_reset(LOG_ERR, "Setting EVM xattr failed: %s",
 					file);
+			if (len >= 4096)
+				log_err("The signature with %zu bytes is likely too large for the file "
+					"extended attribute. Consider using a different key type.\n",
+					len);
 			return err;
 		}
 	}

diff --git a/src/imaevm.h b/src/imaevm.h
@@ -74,8 +74,11 @@ typedef struct ossl_provider_st OSSL_PROVIDER;
 #define	DATA_SIZE	4096
 #define SHA1_HASH_LEN   20
 
+#define ML_DSA_87_SIGNATURE_SIZE	4627
+
 #define MAX_DIGEST_SIZE		64
-#define MAX_SIGNATURE_SIZE	1024
+#define MAX_SIGNATURE_SIZE	(1 + sizeof(struct signature_v2_hdr) + \
+				 ML_DSA_87_SIGNATURE_SIZE)
 
 /*
  * The maximum template data size is dependent on the template format. For