
Commit 7e64e91

committed
zero decrypted disk header on exit
F/1104
1 parent 805b16e commit 7e64e91

1 file changed

Lines changed: 13 additions & 0 deletions


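--- a/src/update_disk.c
+++ b/src/update_disk.c
@@ -221,6 +221,11 @@ static void disk_crypto_clear(void)
 ForceZero(disk_encrypt_nonce, sizeof(disk_encrypt_nonce));
 }
 
+static void disk_decrypted_header_clear(uint8_t *hdr)
+{
+ForceZero(hdr, IMAGE_HEADER_SIZE);
+}
+
 #endif /* DISK_ENCRYPT */
 
 extern int wolfBoot_get_dts_size(void *dts_addr);
@@ -267,12 +272,14 @@ void RAMFUNCTION wolfBoot_start(void)
 #ifdef DISK_ENCRYPT
 /* Initialize encryption - this sets up the cipher with key from storage */
 if (wolfBoot_initialize_encryption() != 0) {
+disk_decrypted_header_clear(dec_hdr);
 disk_crypto_clear();
 wolfBoot_printf("Error initializing encryption\r\n");
 wolfBoot_panic();
 }
 /* Retrieve encryption key and nonce for disk decryption */
 if (wolfBoot_get_encrypt_key(disk_encrypt_key, disk_encrypt_nonce) != 0) {
+disk_decrypted_header_clear(dec_hdr);
 disk_crypto_clear();
 wolfBoot_printf("Error getting encryption key\r\n");
 wolfBoot_panic();
@@ -283,13 +290,15 @@ void RAMFUNCTION wolfBoot_start(void)
 ret = disk_init(BOOT_DISK);
 if (ret != 0) {
 #ifdef DISK_ENCRYPT
+disk_decrypted_header_clear(dec_hdr);
 disk_crypto_clear();
 #endif
 wolfBoot_panic();
 }
 
 if (disk_open(BOOT_DISK) < 0) {
 #ifdef DISK_ENCRYPT
+disk_decrypted_header_clear(dec_hdr);
 disk_crypto_clear();
 #endif
 wolfBoot_printf("Error opening disk %d\r\n", BOOT_DISK);
@@ -328,6 +337,7 @@ void RAMFUNCTION wolfBoot_start(void)
 
 if ((pB_ver == 0) && (pA_ver == 0)) {
 #ifdef DISK_ENCRYPT
+disk_decrypted_header_clear(dec_hdr);
 disk_crypto_clear();
 #endif
 wolfBoot_printf("No valid OS image found in either partition %d or %d\r\n",
@@ -433,6 +443,7 @@ void RAMFUNCTION wolfBoot_start(void)
 wolfBoot_printf("Decrypting image...");
 BENCHMARK_START();
 if ((IMAGE_HEADER_SIZE % ENCRYPT_BLOCK_SIZE) != 0) {
+disk_decrypted_header_clear(dec_hdr);
 disk_crypto_clear();
 wolfBoot_printf("Encrypted disk images require aligned header size\r\n");
 wolfBoot_panic();
@@ -482,6 +493,7 @@ void RAMFUNCTION wolfBoot_start(void)
 
 if (failures) {
 #ifdef DISK_ENCRYPT
+disk_decrypted_header_clear(dec_hdr);
 disk_crypto_clear();
 #endif
 wolfBoot_printf("Unable to find a valid partition!\r\n");
@@ -542,6 +554,7 @@ void RAMFUNCTION wolfBoot_start(void)
 wolfBoot_hook_boot(&os_image);
 #endif
 #ifdef DISK_ENCRYPT
+disk_decrypted_header_clear(dec_hdr);
 disk_crypto_clear();
 #endif
 do_boot((uint32_t*)load_address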
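Review bot: The wipe of the plaintext header is now a second call that every exit path of wolfBoot_start has to remember to pair with disk_crypto_clear(), and the hunks show only the paths this commit touched. wolfBoot_start's body continues outside them, so any panic or return not shown here (for example between the decrypt step and `if (failures)`) may still leave dec_hdr populated. Folding both wipes into one helper, e.g. `static void disk_secrets_clear(uint8_t *hdr) { ForceZero(hdr, IMAGE_HEADER_SIZE); disk_crypto_clear(); }`, would keep a future exit path from clearing the key but not the header. disk_decrypted_header_clear also assumes hdr spans at least IMAGE_HEADER_SIZE bytes, and dec_hdr's declaration is not visible in these hunks. A comment above the helper such as `/* hdr must point to a buffer of at least IMAGE_HEADER_SIZE bytes holding the decrypted image header */` would state that contract.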
