39 lines
1.3 KiB
Diff
39 lines
1.3 KiB
Diff
From 370e435b6ada53314888f04dcd8f096fc11cfadb Mon Sep 17 00:00:00 2001
|
|
From: Gary Lin <glin@suse.com>
|
|
Date: Thu, 3 Aug 2023 15:52:52 +0800
|
|
Subject: [PATCH 3/4] cryptodisk: wipe out the cached keys from protectors
|
|
|
|
An attacker may insert a malicious disk with the same crypto UUID and
|
|
trick grub2 to mount the fake root. Even though the key from the key
|
|
protector fails to unlock the fake root, it's not wiped out cleanly so
|
|
the attacker could dump the memory to retrieve the secret key. To defend
|
|
such attack, wipe out the cached key when we don't need it.
|
|
|
|
Cc: Fabian Vogt <fvogt@suse.com>
|
|
Signed-off-by: Gary Lin <glin@suse.com>
|
|
Reviewed-by: Stefan Berger <stefanb@linux.ibm.com>
|
|
---
|
|
grub-core/disk/cryptodisk.c | 6 +++++-
|
|
1 file changed, 5 insertions(+), 1 deletion(-)
|
|
|
|
diff --git a/grub-core/disk/cryptodisk.c b/grub-core/disk/cryptodisk.c
|
|
index f9842f776..aa0d43562 100644
|
|
--- a/grub-core/disk/cryptodisk.c
|
|
+++ b/grub-core/disk/cryptodisk.c
|
|
@@ -1355,7 +1355,11 @@ grub_cryptodisk_clear_key_cache (struct grub_cryptomount_args *cargs)
|
|
return;
|
|
|
|
for (i = 0; cargs->protectors[i]; i++)
|
|
- grub_free (cargs->key_cache[i].key);
|
|
+ {
|
|
+ if (cargs->key_cache[i].key)
|
|
+ grub_memset (cargs->key_cache[i].key, 0, cargs->key_cache[i].key_len);
|
|
+ grub_free (cargs->key_cache[i].key);
|
|
+ }
|
|
|
|
grub_free (cargs->key_cache);
|
|
}
|
|
--
|
|
2.35.3
|
|
|