author | cinap_lenrek <cinap_lenrek@felloff.net> | 2023-04-08 20:30:47 +0000 |
---|---|---|
committer | cinap_lenrek <cinap_lenrek@felloff.net> | 2023-04-08 20:30:47 +0000 |
commit | 60b1a2f82dc96b254d6dec1bfd1c14ca056c21dd (patch) | |
tree | 1de5c2c26d7f7d0a0def0bbe4c11971a12735730 /sys/src/9/pc64 | |
parent | bd43bd6f1ae1b1ec7ee6873d9fd6766b049802e9 (diff) |
kernel: Clear secrets on reboot
The idea is that when we reboot, we zero out
memory written by processes that have the private
flag set (such as factotum and keyfs), and also
clear the secrmem pool, which contains TLS keys
and the state of the random number generator.
This is so the newly booted kernel or firmware
will not find these secret keys in memory.
Diffstat (limited to 'sys/src/9/pc64')
-rw-r--r-- | sys/src/9/pc64/main.c | 15 |
1 files changed, 12 insertions, 3 deletions
diff --git a/sys/src/9/pc64/main.c b/sys/src/9/pc64/main.c index 02b551165..3caeece36 100644 --- a/sys/src/9/pc64/main.c +++ b/sys/src/9/pc64/main.c @@ -225,7 +225,6 @@ rebootjump(uintptr entry, uintptr code, ulong size) void (*f)(uintptr, uintptr, ulong); uintptr *pte; - splhi(); arch->introff(); /* @@ -252,13 +251,19 @@ rebootjump(uintptr entry, uintptr code, ulong size) for(;;); } - void exit(int) { cpushutdown(); + splhi(); + if(m->machno) rebootjump(0, 0, 0); + + /* clear secrets */ + zeroprivatepages(); + poolreset(secrmem); + arch->reset(); } @@ -274,7 +279,7 @@ reboot(void *entry, void *code, ulong size) * because the hardware has a notion of which processor was the * boot processor and we look at it at start up. */ - if (m->machno != 0) { + while(m->machno != 0){ procwired(up, 0); sched(); } @@ -288,6 +293,10 @@ reboot(void *entry, void *code, ulong size) /* shutdown devices */ chandevshutdown(); + /* clear secrets */ + zeroprivatepages(); + poolreset(secrmem); + /* disable pci devices */ pcireset(); |
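Review bot: In exit(), `zeroprivatepages()` and `poolreset(secrmem)` now run after `cpushutdown()` and `splhi()`, so if either helper takes a lock that another processor held when it was stopped, cpu0 would spin there and never reach `arch->reset()`, with the secrets still in memory. Neither helper's body is visible in this diff, so this needs checking against their definitions. The same pair of calls is repeated in the last reboot() hunk; a single static helper, for example `clearsecrets()`, called from both places would keep the two paths from drifting apart. The comment could also state the scope, e.g. `/* clear secrets: pages of private procs and the secrmem pool (TLS keys, rng state) */`.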
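Review bot: reboot() gains the clearing calls here but no `splhi()`, while this commit removes `splhi()` from rebootjump() and adds it only to exit(). If reboot() reaches rebootjump() after `pcireset()`, as the matching arguments suggest, it must already be at high priority; no `splhi()` is visible in either reboot() hunk, so confirm the unchanged part of the function has one. A comment on rebootjump() such as `/* caller must be at splhi() */` would record the new precondition. reboot()'s body starts and ends outside the hunk.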