Hello, I would really appreciate your feedback on this project i have been working on.
Two converging threats are making classical attestation obsolete in 2026:

Supply-chain attacks are accelerating. SolarWinds, XZ Utils, and dozens of lesser-known incidents show that firmware can be compromised at build time. Existing attestation stacks (TPM 2.0, DICE, TDX) prove what is running — but carry no cryptographic proof of how it was built or who signed it off.

Post-quantum migration is overdue. RSA and ECDSA underpin today's attestation chains and are broken by Shor's algorithm. NIST finalised ML-DSA (FIPS 204) and ML-KEM (FIPS 203) in 2024. Devices deployed today may still be in service when cryptographically-relevant quantum computers arrive.

PQ-RASCV addresses both in a single embedded-first library. Every attestation quote is post-quantum signed and supply-chain provenance-linked no separately bolted-on components.

The project is completely open source and can be accessed here: GitHub - comwanga/pqrascv-core: Post-Quantum Remote Attestation & Supply Chain Verification · GitHub

The documentation and more details can be viewed here: crates.io: Rust Package Registry

1 post - 1 participant

Read full topic