An attacker may insert a malicious disk with the same crypto UUID and trick GRUB to mount the fake root. Even though the key from the key protector fails to unlock the fake root, it's not wiped out cleanly so the attacker could dump the memory to retrieve the secret key. To defend such attack, wipe out the cached key when we don't need it.
Cc: Fabian Vogt <[email protected]> Signed-off-by: Gary Lin <[email protected]> Reviewed-by: Stefan Berger <[email protected]> Reviewed-by: Daniel Kiper <[email protected]> --- grub-core/disk/cryptodisk.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/grub-core/disk/cryptodisk.c b/grub-core/disk/cryptodisk.c index 4219f1fb6..5fc41979e 100644 --- a/grub-core/disk/cryptodisk.c +++ b/grub-core/disk/cryptodisk.c @@ -1405,7 +1405,11 @@ grub_cryptodisk_clear_key_cache (struct grub_cryptomount_args *cargs) return; for (i = 0; cargs->protectors[i]; i++) - grub_free (cargs->key_cache[i].key); + { + if (cargs->key_cache[i].key) + grub_memset (cargs->key_cache[i].key, 0, cargs->key_cache[i].key_len); + grub_free (cargs->key_cache[i].key); + } grub_free (cargs->key_cache); } -- 2.43.0 _______________________________________________ Grub-devel mailing list [email protected] https://lists.gnu.org/mailman/listinfo/grub-devel
