diff --git a/initrd/bin/kexec-seal-key b/initrd/bin/kexec-seal-key
index f574b558..46980af8 100755
--- a/initrd/bin/kexec-seal-key
+++ b/initrd/bin/kexec-seal-key
@@ -117,7 +117,7 @@ tpm sealfile2 \
 -ix 7 X \
 || die "Unable to seal secret"
 
-rm -f "$KEY_FILE" \
+shred -n 10 -z -u "$KEY_FILE" 2> /dev/null \
 || die "Failed to delete key file"
 
 # try it without the owner password first
@@ -150,5 +150,5 @@ if ! tpm nv_writevalue \
 || die "Unable to write sealed secret to NVRAM"
 fi
 
-rm "$TPM_SEALED" \
+shred -n 10 -z -u "$TPM_SEALED" 2> /dev/null \
 || warn "Failed to delete the sealed secret - continuing"
diff --git a/initrd/bin/kexec-unseal-key b/initrd/bin/kexec-unseal-key
index 122ede4d..e016f5bd 100755
--- a/initrd/bin/kexec-unseal-key
+++ b/initrd/bin/kexec-unseal-key
@@ -38,7 +38,7 @@ for tries in 1 2 3; do
 -hk 40000000 \
 ; then
 # should be okay if this fails
- rm -f /tmp/secret/sealed || true
+ shred -n 10 -z -u /tmp/secret/sealed 2> /dev/null || true
 exit 0
 fi
 
diff --git a/initrd/bin/seal-libremkey b/initrd/bin/seal-libremkey
index ddee9e97..7203b719 100755
--- a/initrd/bin/seal-libremkey
+++ b/initrd/bin/seal-libremkey
@@ -28,9 +28,9 @@ tpm unsealfile \
 -of "$HOTP_SECRET" \
 || die "Unable to unseal HOTP secret"
 
-rm -f "$HOTP_SEALED"
+shred -n 10 -z -u "$HOTP_SEALED" 2> /dev/null
 secret="`cat $HOTP_SECRET`"
-rm -f "$HOTP_SECRET"
+shred -n 10 -z -u "$HOTP_SECRET" 2> /dev/null
 
 # Store counter in file instead of TPM for now, as it conflicts with Heads
 # config TPM counter as TPM 1.2 can only increment one counter between reboots
diff --git a/initrd/bin/seal-totp b/initrd/bin/seal-totp
index f46f4520..f33449e5 100755
--- a/initrd/bin/seal-totp
+++ b/initrd/bin/seal-totp
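Review bot: The `2> /dev/null` on the new shred line in the first hunk discards the only diagnostic before `|| die "Failed to delete key file"`, so a fatal abort here cannot tell the operator whether shred is missing from the initrd (if it comes from a multi-call binary such as busybox, the applet has to be compiled in) or whether `$KEY_FILE` could not be opened or overwritten. On a path that already stops the boot the stderr should be kept: `shred -n 10 -z -u "$KEY_FILE" || die "Failed to delete key file"`. shred's overwrite passes only help where the filesystem rewrites the same blocks in place; where /tmp lives in this initrd is not visible here, so a one-line comment above the call such as `# shred, not rm: overwrite the plaintext key rather than just unlinking it` would record why `-n 10` is worth paying for. The `tpm sealfile2` invocation this line follows starts before the hunk.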
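Review bot: In the seal-libremkey hunk neither new shred line checks its exit status and both discard stderr, so a failure to overwrite and unlink `$HOTP_SECRET`, the plaintext HOTP seed just unsealed above, passes silently, whereas the equivalent line in kexec-seal-key in this same commit at least dies. The old `rm -f` was unchecked too, but it could only fail on a permission problem; `shred` adds the case of the tool not being present in the initrd at all, which would leave every secret written by these scripts on disk until recovery() runs. At minimum report it: `shred -n 10 -z -u "$HOTP_SECRET" 2> /dev/null || warn "Unable to shred $HOTP_SECRET"`. The unchanged line that reads the seed into `$secret` with `cat` still keeps the plaintext in a shell variable, so shredding the file narrows the on-host exposure but does not remove it.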
@@ -43,10 +43,12 @@ if ! tpm sealfile2 \
 -ix 4 0000000000000000000000000000000000000000 \
 -ix 7 X \
 ; then
- rm -f "$TOTP_SECRET"
- die "Unable to seal secret"
+ shred -n 10 -z -u "$TOTP_SECRET" 2> /dev/null
+ die "Unable to seal secret"
 fi
 
+shred -n 10 -z -u "$TOTP_SECRET" 2> /dev/null
+
 # to create an nvram space we need the TPM owner password
 # and the TPM physical presence must be asserted.
 
@@ -79,7 +81,7 @@ if ! tpm nv_writevalue \
 || die "Unable to write sealed secret to NVRAM"
 fi
 
-rm -f "$TOTP_SEALED"
+shred -n 10 -z -u "$TOTP_SEALED" 2> /dev/null
 
 url="otpauth://totp/$HOST?secret=$secret"
 secret=""
diff --git a/initrd/bin/unseal-hotp b/initrd/bin/unseal-hotp
index 8d4ef192..5a697f36 100755
--- a/initrd/bin/unseal-hotp
+++ b/initrd/bin/unseal-hotp
@@ -28,7 +28,7 @@ tpm unsealfile \
 -of "$HOTP_SECRET" \
 || die "Unable to unseal HOTP secret"
 
-rm -f "$HOTP_SEALED"
+shred -n 10 -z -u "$HOTP_SEALED" 2> /dev/null
 
 # Store counter in file instead of TPM for now, as it conflicts with Heads
 # config TPM counter as TPM 1.2 can only increment one counter between reboots
@@ -51,11 +51,11 @@ fi
 #counter_value=$(printf "%d" 0x${counter_value})
 
 if ! hotp $counter_value < "$HOTP_SECRET"; then
- rm -f "$HOTP_SECRET"
+ shred -n 10 -z -u "$HOTP_SECRET" 2> /dev/null
 die 'Unable to compute HOTP hash?'
 fi
 
-rm -f "$HOTP_SECRET"
+shred -n 10 -z -u "$HOTP_SECRET" 2> /dev/null
 
 #increment_tpm_counter $counter > /dev/null \
 #|| die "Unable to increment tpm counter"
diff --git a/initrd/bin/unseal-totp b/initrd/bin/unseal-totp
index c123ba0e..c9c339b1 100755
--- a/initrd/bin/unseal-totp
+++ b/initrd/bin/unseal-totp
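Review bot: The `shred -n 10 -z -u … 2> /dev/null` phrase added in both branches of this hunk now appears a dozen times across the patch, each copy ignoring failure on its own; a single helper in initrd/etc/functions, which the patch already touches, would pin the flags and the error policy in one place, e.g. `shred_secret() { shred -n 10 -z -u "$1" 2> /dev/null || warn "Unable to shred $1"; }`, with `shred_secret "$TOTP_SECRET"` used here in the failure branch and again after `fi` (this assumes the scripts source /etc/functions, which their use of `die` suggests). The unconditional shred added after `fi` is the first point in this hunk where the plaintext TOTP seed file is removed on the success path; if nothing between this hunk and the next removed it before, that is a behavioural fix worth stating in the commit message rather than leaving implicit in an rm-to-shred sweep. The `if ! tpm sealfile2` condition begins before the hunk.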
@@ -18,12 +18,12 @@ tpm unsealfile \
 -of "$TOTP_SECRET" \
 || die "Unable to unseal totp secret"
 
-rm -f "$TOTP_SEALED"
+shred -n 10 -z -u "$TOTP_SEALED" 2> /dev/null
 
 if ! totp -q < "$TOTP_SECRET"; then
- rm -f "$TOTP_SECRET"
+ shred -n 10 -z -u "$TOTP_SECRET" 2> /dev/null
 die 'Unable to compute TOTP hash?'
 fi
 
-rm -f "$TOTP_SECRET"
+shred -n 10 -z -u "$TOTP_SECRET" 2> /dev/null
 exit 0
diff --git a/initrd/etc/functions b/initrd/etc/functions
index 8913870e..453590b8 100755
--- a/initrd/etc/functions
+++ b/initrd/etc/functions
@@ -15,6 +15,7 @@ recovery() {
 
 # Remove any temporary secret files that might be hanging around
 # but recreate the directory so that new tools can use it.
+ shred -n 10 -z -u /tmp/secret/* 2> /dev/null
 rm -rf /tmp/secret
 mkdir -p /tmp/secret
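Review bot: The plaintext `$TOTP_SECRET` is shredded only on the two paths visible here, both after `totp -q` has run; an abort at `|| die "Unable to unseal totp secret"` (the `tpm unsealfile` command starts before the hunk), if unsealfile wrote partial output before failing, leaves the seed in /tmp/secret until recovery() cleans it up. Registering the cleanup once, immediately after the unseal, `trap 'shred -n 10 -z -u "$TOTP_SECRET" 2> /dev/null' EXIT`, covers every exit path including `die` and lets the two explicit shred lines collapse into a single `exit 0`. The same pattern applies to `$TOTP_SEALED` but matters less, since that file holds the sealed blob rather than plaintext.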
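Review bot: `shred -n 10 -z -u /tmp/secret/*` in the functions hunk only reaches what the glob matches: dotfiles are skipped and any file inside a subdirectory makes shred fail on the directory itself, a failure hidden by `2> /dev/null` just before `rm -rf` unlinks the contents without overwriting them. Since recovery() is the catch-all that the silent shred calls elsewhere in this patch rely on, a find-based form closes those gaps: `find /tmp/secret -type f -exec shred -n 10 -z -u {} \; 2> /dev/null`. Whether any current tool writes dotfiles or subdirectories under /tmp/secret is not visible here, so treat this as hardening the safety net rather than a known leak. recovery() starts before the hunk and may continue past it.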