Run secdiscard on encrypted key and key blob too

Don't rely on cryptographic binding of secdiscard to key; securely
delete the other information needed to reconstruct the key too.

Bug: 26021231
Change-Id: If03d2c051b0ec2fdcb5c6f70bde7e3287424f216
gugelfrei
Paul Crowley 8 years ago
parent 2143ee8d61
commit beb33a67e1

@ -314,9 +314,13 @@ static bool deleteKey(const std::string& dir) {
return true;
}
static bool secdiscardSecdiscardable(const std::string& dir) {
static bool runSecdiscard(const std::string& dir) {
if (ForkExecvp(
std::vector<std::string>{kSecdiscardPath, "--", dir + "/" + kFn_secdiscardable}) != 0) {
std::vector<std::string>{kSecdiscardPath, "--",
dir + "/" + kFn_encrypted_key,
dir + "/" + kFn_keymaster_key_blob,
dir + "/" + kFn_secdiscardable,
}) != 0) {
LOG(ERROR) << "secdiscard failed";
return false;
}
@ -335,7 +339,7 @@ bool destroyKey(const std::string& dir) {
bool success = true;
// Try each thing, even if previous things failed.
success &= deleteKey(dir);
success &= secdiscardSecdiscardable(dir);
success &= runSecdiscard(dir);
success &= recursiveDeleteKey(dir);
return success;
}
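Review bot: In runSecdiscard, all three paths go to a single secdiscard invocation and the failure branch logs only "secdiscard failed", so a non-zero exit does not say which key directory or file was left undiscarded. Whether secdiscard carries on to the later paths after failing on an earlier one (for example if `kFn_encrypted_key` is absent) is not visible here. If it stops at the first failure, `kFn_secdiscardable` could be left intact, which would contradict the "Try each thing, even if previous things failed" comment in destroyKey. I would confirm that behaviour and at least change the log line to `LOG(ERROR) << "secdiscard failed in " << dir;`. The body of runSecdiscard continues past the end of the first hunk.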
