The Impact of Post Quantum Cryptography on UEFI BIOS

In order to resist the threat from quantum computers, National Institute of Standard and Technology (NIST) started the Post-Quantum Cryptography (PQC) project in 2016 and tried to define a set of new standard - quantum-resistant public-key cryptographic algorithms. Now two stateless hash-based signature (HBS) algorithms (XMSS in RFC 8391 and LMS in RFC 8554) are approved in NIST SP 800-208 for some special use case, such as digital signature verification on firmware update. The third round algorithms (9 key establishment algorithms and 6 general digital signature algorithms) are submitted. The industry is evaluating the impact of adoption of these post quantum cryptography algorithms, such as network transport layer security (TLS) protocol. And there are also projects prototyping the PQC algorithm to make the hardware and software ready for that trend, such as liboqs in open quantum safe project. The UEFI BIOS includes a set of security feature that requires the cryptography, such as secured boot, capsule update, secure recovery, HTTPS boot, measured boot, etc.

In this presentation, the speakers will introduce the impact of the PQC to the UEFI BIOS and the prototype work to adopt the PQC in the firmware area.

Tuesday, July 27, 2021