kernel: Clear secrets on reboot

The idea is that when we reboot, we zero out memory written by processes that have the private flag set (such as factotum and keyfs), and also clear the secrmem pool, which contains TLS keys and the state of the random number generator. This is so the newly booted kernel or firmware will not find these secret keys in memory.
author: cinap_lenrek <cinap_lenrek@felloff.net> 2023-04-08 20:30:47 +0000
committer: cinap_lenrek <cinap_lenrek@felloff.net> 2023-04-08 20:30:47 +0000
commit: 60b1a2f82dc96b254d6dec1bfd1c14ca056c21dd (patch)
tree: 1de5c2c26d7f7d0a0def0bbe4c11971a12735730 /sys/src/9/port/rebootcmd.c
parent: bd43bd6f1ae1b1ec7ee6873d9fd6766b049802e9 (diff)
1 files changed, 11 insertions, 1 deletions
diff --git a/sys/src/9/port/rebootcmd.c b/sys/src/9/port/rebootcmd.c
index 4f3b8fb03..7aef57d19 100644
--- a/sys/src/9/port/rebootcmd.c
+++ b/sys/src/9/port/rebootcmd.c
@@ -33,8 +33,18 @@ rebootcmd(int argc, char *argv[])
 	ulong magic, text, rtext, entry, data, size, align;
 	uchar *p;
 
-	if(argc == 0)
+	if(argc == 0){
+		/*
+		 * call exit() from cpu0, so zeroprivatepages()
+		 * has our user process for kmap().
+		 */
+		while(m->machno != 0){
+			procwired(up, 0);
+			sched();
+		}
 		exit(0);
+		return;
+	}
 
 	c = namec(argv[0], Aopen, OEXEC, 0);
 	if(waserror()){
author	cinap_lenrek <cinap_lenrek@felloff.net>	2023-04-08 20:30:47 +0000
committer	cinap_lenrek <cinap_lenrek@felloff.net>	2023-04-08 20:30:47 +0000
commit	60b1a2f82dc96b254d6dec1bfd1c14ca056c21dd (patch)
tree	1de5c2c26d7f7d0a0def0bbe4c11971a12735730 /sys/src/9/port/rebootcmd.c
parent	bd43bd6f1ae1b1ec7ee6873d9fd6766b049802e9 (diff)