remove TPM secret debug logging

danielinux · danielinux · commit 805b16e29c25 · 2026-03-22T10:07:27.000+01:00
F/1103
diff --git a/src/update_flash.c b/src/update_flash.c
@@ -1241,7 +1241,6 @@ int wolfBoot_unlock_disk(void)
             ret = wolfBoot_get_random(secret, secretSz);
             if (ret == 0) {
                 wolfBoot_printf("Creating new secret (%d bytes)\n", secretSz);
-                wolfBoot_print_hexstr(secret, secretSz, 0);
 
                 /* seal new secret */
                 ret = wolfBoot_seal(pubkey_hint, policy, policySz, nvIndex,
@@ -1265,15 +1264,13 @@ int wolfBoot_unlock_disk(void)
                 }
 
                 wolfBoot_printf("Secret Check %d bytes\n", secretCheckSz);
-                wolfBoot_print_hexstr(secretCheck, secretCheckSz, 0);
                 TPM2_ForceZero(secretCheck, sizeof(secretCheck));
             }
         }
     }
 
     if (ret == 0) {
         wolfBoot_printf("Secret %d bytes\n", secretSz);
-        wolfBoot_print_hexstr(secret, secretSz, 0);
 
         /* TODO: Unlock disk */
 
diff --git a/src/x86/ahci.c b/src/x86/ahci.c
@@ -281,7 +281,6 @@ static int sata_create_and_seal_unlock_secret(const uint8_t *pubkey_hint,
     ret = sata_get_random_base64(secret, secret_size);
     if (ret == 0) {
         wolfBoot_printf("Creating new secret (%d bytes)\r\n", *secret_size);
-        wolfBoot_printf("%s\r\n", secret);
 
         /* seal new secret */
         ret = wolfBoot_seal(pubkey_hint, policy, policy_size,
@@ -305,14 +304,11 @@ static int sata_create_and_seal_unlock_secret(const uint8_t *pubkey_hint,
         }
 
         wolfBoot_printf("Secret Check %d bytes\n", secret_check_sz);
-        wolfBoot_printf("%s\r\n", secret_check);
         TPM2_ForceZero(secret_check, sizeof(secret_check));
     }
 
-    if (ret == 0) {
+    if (ret == 0)
         wolfBoot_printf("Secret %d bytes\n", *secret_size);
-        wolfBoot_printf("%s\r\n", secret);
-    }
 
     return ret;
 }
@@ -414,9 +410,6 @@ int sata_unlock_disk(int drv, int freeze)
     r = sata_get_unlock_secret(secret, &secret_size);
     if (r != 0)
         return r;
-#ifdef TARGET_x86_fsp_qemu
-    wolfBoot_printf("DISK LOCK SECRET: %s\r\n", secret);
-#endif
     ata_st = ata_security_get_state(drv);
     wolfBoot_printf("ATA: Security state SEC%d\r\n", ata_st);
 #if defined(TARGET_x86_fsp_qemu)

Original file line number	Diff line number	Diff line change
`@@ -1241,7 +1241,6 @@ int wolfBoot_unlock_disk(void)`
`1241`	`1241`	`ret = wolfBoot_get_random(secret, secretSz);`
`1242`	`1242`	`if (ret == 0) {`
`1243`	`1243`	`wolfBoot_printf("Creating new secret (%d bytes)\n", secretSz);`
`1244`		`- wolfBoot_print_hexstr(secret, secretSz, 0);`
`1245`	`1244`
`1246`	`1245`	`/* seal new secret */`
`1247`	`1246`	`ret = wolfBoot_seal(pubkey_hint, policy, policySz, nvIndex,`
`@@ -1265,15 +1264,13 @@ int wolfBoot_unlock_disk(void)`
`1265`	`1264`	`}`
`1266`	`1265`
`1267`	`1266`	`wolfBoot_printf("Secret Check %d bytes\n", secretCheckSz);`
`1268`		`- wolfBoot_print_hexstr(secretCheck, secretCheckSz, 0);`
`1269`	`1267`	`TPM2_ForceZero(secretCheck, sizeof(secretCheck));`
`1270`	`1268`	`}`
`1271`	`1269`	`}`
`1272`	`1270`	`}`
`1273`	`1271`
`1274`	`1272`	`if (ret == 0) {`
`1275`	`1273`	`wolfBoot_printf("Secret %d bytes\n", secretSz);`
`1276`		`- wolfBoot_print_hexstr(secret, secretSz, 0);`
`1277`	`1274`
`1278`	`1275`	`/* TODO: Unlock disk */`
`1279`	`1276`