From 7735f69aaa07bc63265d9ef8ca7cee77fcc77fbc Mon Sep 17 00:00:00 2001
From: "JianFeng,Zhou"
Date: Tue, 12 May 2020 14:39:09 +0800
Subject: [PATCH] scrub seed and rpmb key passed to TOS

To reduce the risk of seed and rpmb key leak, scrub seed and rpmb key passed to TOS after TOS loaded.

Signed-off-by: JianFeng,Zhou
---
 libkernelflinger/trusty_efi.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
 mode change 100755 => 100644 libkernelflinger/trusty_efi.c

diff --git a/libkernelflinger/trusty_efi.c b/libkernelflinger/trusty_efi.c
old mode 100755
new mode 100644
index b9e2e22f..7c064448
--- a/libkernelflinger/trusty_efi.c
+++ b/libkernelflinger/trusty_efi.c
@@ -32,6 +32,7 @@
 #include
 #include
 #include
+#include
 #include "vars.h"
 #include "lib.h"
@@ -381,7 +382,6 @@ static EFI_STATUS start_tos_image(IN VOID *bootimage)
 (UINTN)load_base + tos_header->entry_offset);
 debug(L"Call TOS loader entry_addr = 0x%x", call_entry);
 tos_ret = call_entry(startup_info_v2);
-
 if (tos_ret) {
 efi_perror(tos_ret, L"Load and start Trusty OS failed");
 ret = EFI_INVALID_PARAMETER;
@@ -390,6 +390,8 @@ static EFI_STATUS start_tos_image(IN VOID *bootimage)
 debug(L"TOS launch succeeded!");
 cleanup:
+ OPENSSL_cleanse(startup_info_v2->seed_list, sizeof(startup_info_v2->seed_list));
+ OPENSSL_cleanse(startup_info_v2->rpmb_key, sizeof(startup_info_v2->rpmb_key));
 stop_bls_proto();
 if (EFI_ERROR(ret)) {
 efi_perror(ret, L"Error has occurred!");
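Review bot: The two `OPENSSL_cleanse` calls added under `cleanup:` use `startup_info_v2` unconditionally, but that label is a shared exit, so any earlier `goto cleanup` taken before the structure is allocated or populated would scrub through a null or uninitialized pointer. start_tos_image begins outside this hunk, so those paths cannot be checked from here. Wrapping the scrub in `if (startup_info_v2) { ... }`, with the pointer initialized to NULL at its declaration if it is not already, would keep the error paths safe. It is also worth confirming that `seed_list` and `rpmb_key` are array members rather than pointers, because `sizeof` on a pointer member would wipe only the pointer's width and leave most of the key material in memory. A short comment above the calls, such as `/* wipe secrets handed to TOS so they do not linger in bootloader memory */`, would record why the scrub sits on the shared exit path.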