summaryrefslogtreecommitdiff
path: root/sys/src/9/pc64
diff options
context:
space:
mode:
authorcinap_lenrek <cinap_lenrek@felloff.net>2023-04-08 20:30:47 +0000
committercinap_lenrek <cinap_lenrek@felloff.net>2023-04-08 20:30:47 +0000
commit60b1a2f82dc96b254d6dec1bfd1c14ca056c21dd (patch)
tree1de5c2c26d7f7d0a0def0bbe4c11971a12735730 /sys/src/9/pc64
parentbd43bd6f1ae1b1ec7ee6873d9fd6766b049802e9 (diff)
kernel: Clear secrets on reboot
The idea is that when we reboot, we zero out memory written by processes that have the private flag set (such as factotum and keyfs), and also clear the secrmem pool, which contains TLS keys and the state of the random number generator. This is so the newly booted kernel or firmware will not find these secret keys in memory.
Diffstat (limited to 'sys/src/9/pc64')
-rw-r--r--sys/src/9/pc64/main.c15
1 files changed, 12 insertions, 3 deletions
diff --git a/sys/src/9/pc64/main.c b/sys/src/9/pc64/main.c
index 02b551165..3caeece36 100644
--- a/sys/src/9/pc64/main.c
+++ b/sys/src/9/pc64/main.c
@@ -225,7 +225,6 @@ rebootjump(uintptr entry, uintptr code, ulong size)
void (*f)(uintptr, uintptr, ulong);
uintptr *pte;
- splhi();
arch->introff();
/*
@@ -252,13 +251,19 @@ rebootjump(uintptr entry, uintptr code, ulong size)
for(;;);
}
-
void
exit(int)
{
cpushutdown();
+ splhi();
+
if(m->machno)
rebootjump(0, 0, 0);
+
+ /* clear secrets */
+ zeroprivatepages();
+ poolreset(secrmem);
+
arch->reset();
}
@@ -274,7 +279,7 @@ reboot(void *entry, void *code, ulong size)
* because the hardware has a notion of which processor was the
* boot processor and we look at it at start up.
*/
- if (m->machno != 0) {
+ while(m->machno != 0){
procwired(up, 0);
sched();
}
@@ -288,6 +293,10 @@ reboot(void *entry, void *code, ulong size)
/* shutdown devices */
chandevshutdown();
+ /* clear secrets */
+ zeroprivatepages();
+ poolreset(secrmem);
+
/* disable pci devices */
pcireset();