Merge pull request #526 from tlaurion/shred_secrets

Use shred instead of rm on secret related files.

initrd/bin/kexec-seal-key

@@ -117,7 +117,7 @@ tpm sealfile2 \
 	-ix 7 X \
 || die "Unable to seal secret"
 
-rm -f "$KEY_FILE" \
+shred -n 10 -z -u "$KEY_FILE" 2> /dev/null \
 || die "Failed to delete key file"
 
 # try it without the owner password first
@@ -150,5 +150,5 @@ if ! tpm nv_writevalue \
 	|| die "Unable to write sealed secret to NVRAM"
 fi
 
-rm "$TPM_SEALED" \
+shred -n 10 -z -u "$TPM_SEALED" 2> /dev/null \
 || warn "Failed to delete the sealed secret - continuing"

initrd/bin/kexec-unseal-key

@@ -38,7 +38,7 @@ for tries in 1 2 3; do
 		-hk 40000000 \
 	; then
 		# should be okay if this fails
-		rm -f /tmp/secret/sealed || true
+		shred -n 10 -z -u /tmp/secret/sealed 2> /dev/null || true
 		exit 0
 	fi
 

initrd/bin/seal-libremkey

@@ -28,9 +28,9 @@ tpm unsealfile  \
 	-of "$HOTP_SECRET" \
 || die "Unable to unseal HOTP secret"
 
-rm -f "$HOTP_SEALED"
+shred -n 10 -z -u "$HOTP_SEALED" 2> /dev/null
 secret="`cat $HOTP_SECRET`"
-rm -f "$HOTP_SECRET"
+shred -n 10 -z -u "$HOTP_SECRET" 2> /dev/null
 
 # Store counter in file instead of TPM for now, as it conflicts with Heads
 # config TPM counter as TPM 1.2 can only increment one counter between reboots

initrd/bin/seal-totp

@@ -43,10 +43,12 @@ if ! tpm sealfile2 \
 	-ix 4 0000000000000000000000000000000000000000 \
 	-ix 7 X \
 ; then
-	rm -f "$TOTP_SECRET"
-	 die "Unable to seal secret"
+	shred -n 10 -z -u "$TOTP_SECRET" 2> /dev/null
+	die "Unable to seal secret"
 fi
 
+shred -n 10 -z -u "$TOTP_SECRET" 2> /dev/null
+
 
 # to create an nvram space we need the TPM owner password
 # and the TPM physical presence must be asserted.
@@ -79,7 +81,7 @@ if ! tpm nv_writevalue \
 	|| die "Unable to write sealed secret to NVRAM"
 fi
 
-rm -f "$TOTP_SEALED"
+shred -n 10 -z -u "$TOTP_SEALED" 2> /dev/null
 
 url="otpauth://totp/$HOST?secret=$secret"
 secret=""

initrd/bin/unseal-hotp

@@ -28,7 +28,7 @@ tpm unsealfile  \
 	-of "$HOTP_SECRET" \
 || die "Unable to unseal HOTP secret"
 
-rm -f "$HOTP_SEALED"
+shred -n 10 -z -u "$HOTP_SEALED" 2> /dev/null
 
 # Store counter in file instead of TPM for now, as it conflicts with Heads
 # config TPM counter as TPM 1.2 can only increment one counter between reboots
@@ -51,11 +51,11 @@ fi
 #counter_value=$(printf "%d" 0x${counter_value})
 
 if ! hotp $counter_value < "$HOTP_SECRET"; then
-	rm -f "$HOTP_SECRET"
+	shred -n 10 -z -u "$HOTP_SECRET" 2> /dev/null
 	die 'Unable to compute HOTP hash?'
 fi
 
-rm -f "$HOTP_SECRET"
+shred -n 10 -z -u "$HOTP_SECRET" 2> /dev/null
 
 #increment_tpm_counter $counter > /dev/null \
 #|| die "Unable to increment tpm counter"

initrd/bin/unseal-totp

@@ -18,12 +18,12 @@ tpm unsealfile  \
 	-of "$TOTP_SECRET" \
 || die "Unable to unseal totp secret"
 
-rm -f "$TOTP_SEALED"
+shred -n 10 -z -u "$TOTP_SEALED" 2> /dev/null
 
 if ! totp -q < "$TOTP_SECRET"; then
-	rm -f "$TOTP_SECRET"
+	shred -n 10 -z -u "$TOTP_SECRET" 2> /dev/null
 	die 'Unable to compute TOTP hash?'
 fi
 
-rm -f "$TOTP_SECRET"
+shred -n 10 -z -u "$TOTP_SECRET" 2> /dev/null
 exit 0

initrd/etc/functions

@@ -15,6 +15,7 @@ recovery() {
 
 	# Remove any temporary secret files that might be hanging around
 	# but recreate the directory so that new tools can use it.
+	shred -n 10 -z -u /tmp/secret/* 2> /dev/null
 	rm -rf /tmp/secret
 	mkdir -p /tmp/secret