Reviewed-by: Vladimir Serbinenko [email protected]

Regards
Vladimir 'phcoder' Serbinenko

On Thu, 8 May 2025, 20:04, Daniel Kiper via Grub-devel <[email protected]>
wrote:

> From: Maxim Suhanov <[email protected]>
>
> Switching to another EFI boot application while there are secrets in
> RAM is dangerous, because not all firmware is wiping memory on free.
>
> To reduce the attack surface, wipe the passphrase acquired when
> unlocking an encrypted volume.
>
> Signed-off-by: Maxim Suhanov <[email protected]>
> Reviewed-by: Daniel Kiper <[email protected]>
> ---
>  grub-core/disk/cryptodisk.c | 1 +
>  1 file changed, 1 insertion(+)
>
> diff --git a/grub-core/disk/cryptodisk.c b/grub-core/disk/cryptodisk.c
> index 544a30d61..7065bcdcb 100644
> --- a/grub-core/disk/cryptodisk.c
> +++ b/grub-core/disk/cryptodisk.c
> @@ -1302,6 +1302,7 @@ grub_cryptodisk_scan_device_real (const char *name,
>
>    if (askpass)
>      {
> +      grub_memset (cargs->key_data, 0, cargs->key_len);
>        cargs->key_len = 0;
>        grub_free (cargs->key_data);
>      }
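
Review bot: the grub_memset added at the top of the `if (askpass)` block writes to a buffer that is passed to grub_free two lines later, so an optimizing compiler that can see through grub_memset may treat the write as a dead store and drop it. Consider a wipe that cannot be elided, for example a write through a volatile pointer or a compiler barrier placed between the memset and grub_free. The call also dereferences cargs->key_data without a check; if key_data can be NULL here while key_len is non-zero, guard it with `if (cargs->key_data != NULL)`. A short comment above the memset saying that it exists to clear the passphrase before the memory is released would stop a later cleanup from removing it as redundant.
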
> --
> 2.11.0
>
>
> _______________________________________________
> Grub-devel mailing list
> [email protected]
> https://lists.gnu.org/mailman/listinfo/grub-devel
>