forked from pool/grub2
8ee92f5194
- Implement NV index mode for TPM 2.0 key protector
0001-protectors-Implement-NV-index.patch
- Fall back to passphrase mode when the key protector fails to
unlock the disk
0002-cryptodisk-Fallback-to-passphrase.patch
- Wipe out the cached key cleanly
0003-cryptodisk-wipe-out-the-cached-keys-from-protectors.patch
- Make diskfiler to look up cryptodisk devices first
0004-diskfilter-look-up-cryptodisk-devices-first.patch
- Version bump to 2.12~rc1
* Added:
- grub-2.12~rc1.tar.xz
* Removed:
- grub-2.06.tar.xz
* Patch dropped merged by new version:
- grub2-GRUB_CMDLINE_LINUX_RECOVERY-for-recovery-mode.patch
- grub2-s390x-02-kexec-module-added-to-emu.patch
- grub2-efi-chainloader-root.patch
- grub2-Fix-incorrect-netmask-on-ppc64.patch
- 0001-osdep-Introduce-include-grub-osdep-major.h-and-use-i.patch
- 0002-osdep-linux-hostdisk-Use-stat-instead-of-udevadm-for.patch
- 0002-net-read-bracketed-ipv6-addrs-and-port-numbers.patch
- grub2-s390x-10-keep-network-at-kexec.patch
- 0001-Fix-build-error-in-binutils-2.36.patch
- 0001-emu-fix-executable-stack-marking.patch
- 0046-squash-verifiers-Move-verifiers-API-to-kernel-image.patch
- 0001-30_uefi-firmware-fix-printf-format-with-null-byte.patch
- 0001-tpm-Pass-unknown-error-as-non-fatal-but-debug-print-.patch
- 0001-Filter-out-POSIX-locale-for-translation.patch
OBS-URL: https://build.opensuse.org/request/show/1105405
OBS-URL: https://build.opensuse.org/package/show/Base:System/grub2?expand=0&rev=458
37 lines
1.2 KiB
Diff
37 lines
1.2 KiB
Diff
From 64494ffc442a5de05b237ad48d27c70d22849a44 Mon Sep 17 00:00:00 2001
|
|
From: Gary Lin <glin@suse.com>
|
|
Date: Thu, 3 Aug 2023 15:52:52 +0800
|
|
Subject: [PATCH 3/4] cryptodisk: wipe out the cached keys from protectors
|
|
|
|
An attacker may insert a malicious disk with the same crypto UUID and
|
|
trick grub2 to mount the fake root. Even though the key from the key
|
|
protector fails to unlock the fake root, it's not wiped out cleanly so
|
|
the attacker could dump the memory to retrieve the secret key. To defend
|
|
such attack, wipe out the cached key when we don't need it.
|
|
|
|
Signed-off-by: Gary Lin <glin@suse.com>
|
|
---
|
|
grub-core/disk/cryptodisk.c | 6 +++++-
|
|
1 file changed, 5 insertions(+), 1 deletion(-)
|
|
|
|
diff --git a/grub-core/disk/cryptodisk.c b/grub-core/disk/cryptodisk.c
|
|
index cf37a0934..f42437f4e 100644
|
|
--- a/grub-core/disk/cryptodisk.c
|
|
+++ b/grub-core/disk/cryptodisk.c
|
|
@@ -1348,7 +1348,11 @@ grub_cryptodisk_clear_key_cache (struct grub_cryptomount_args *cargs)
|
|
return;
|
|
|
|
for (i = 0; cargs->protectors[i]; i++)
|
|
- grub_free (cargs->key_cache[i].key);
|
|
+ {
|
|
+ if (cargs->key_cache[i].key)
|
|
+ grub_memset (cargs->key_cache[i].key, 0, cargs->key_cache[i].key_len);
|
|
+ grub_free (cargs->key_cache[i].key);
|
|
+ }
|
|
|
|
grub_free (cargs->key_cache);
|
|
}
|
|
--
|
|
2.35.3
|
|
|