git.ipfire.org Git - thirdparty/grub.git/commit

]> git.ipfire.org Git - thirdparty/grub.git/commit

projects / thirdparty / grub.git / commit

author	Maxim Suhanov <dfirblog@gmail.com>
	Tue, 4 Mar 2025 12:27:59 +0000 (15:27 +0300)
committer	Daniel Kiper <daniel.kiper@oracle.com>
	Tue, 6 May 2025 15:14:03 +0000 (17:14 +0200)
commit	dbc0eb5bd1f40de9b394e3a86e84f46c39a23e40
tree	339e65d7adae1a456c3cbe9fbbcd14b6fe8bfeb5	tree
parent	301b4ef25a8fafaeba48498e97efd28bd2809f97	commit \| diff

disk/cryptodisk: Wipe the passphrase from memory

Switching to another EFI boot application while there are secrets in
RAM is dangerous, because not all firmware is wiping memory on free.

To reduce the attack surface, wipe the passphrase acquired when
unlocking an encrypted volume.

Signed-off-by: Maxim Suhanov <dfirblog@gmail.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>

grub-core/disk/cryptodisk.c

diff | blob | blame | history

Mirror of https://git.savannah.gnu.org/git/grub.git

RSS Atom