On Fri, Jun 28, 2024 at 04:19:05PM +0800, Gary Lin via Grub-devel wrote: > An attacker may insert a malicious disk with the same crypto UUID and > trick grub2 to mount the fake root. Even though the key from the key > protector fails to unlock the fake root, it's not wiped out cleanly so > the attacker could dump the memory to retrieve the secret key. To defend > such attack, wipe out the cached key when we don't need it. > > Cc: Fabian Vogt <fv...@suse.com> > Signed-off-by: Gary Lin <g...@suse.com> > Reviewed-by: Stefan Berger <stef...@linux.ibm.com>
Reviewed-by: Daniel Kiper <daniel.ki...@oracle.com> Daniel _______________________________________________ Grub-devel mailing list Grub-devel@gnu.org https://lists.gnu.org/mailman/listinfo/grub-devel
