From 51caab8ea4d766955f29e4b6069e0c97d3f13b47 Mon Sep 17 00:00:00 2001
From: Thierry Laurion
Date: Fri, 3 Nov 2023 10:10:05 -0400
Subject: [PATCH] functions: check_tpm_counter; add shred call to wipe tpm_owner_password if creating counter fails with cached tpm owner password so prompt_tpm_owner_password asks for it again on next run
Signed-off-by: Thierry Laurion
---
 initrd/etc/functions | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)
diff --git a/initrd/etc/functions b/initrd/etc/functions
index 9ff2b14f..5cdc504c 100755
--- a/initrd/etc/functions
+++ b/initrd/etc/functions
@@ -194,7 +194,7 @@ list_usb_storage() {
 # line, since some flows need it multiple times and only one prompt is ideal.
 prompt_tpm_owner_password() {
 TRACE "Under /etc/functions:prompt_tpm_owner_password"
-
+
 if [ -s /tmp/secret/tpm_owner_password ]; then
 DEBUG "/tmp/secret/tpm_owner_password already cached in file. Reusing"
 tpm_owner_password=$(cat /tmp/secret/tpm_owner_password)
@@ -253,7 +253,15 @@ check_tpm_counter() {
 -pwdc '' \
 -la $LABEL | tee /tmp/counter ||
- die "Unable to create TPM counter"
+ {
+ DEBUG "Failed to create TPM counter. Shredding TPM owner password"
+ #TODO: refactor tpmr to wipe tpm_owner_password when invalid
+ # As of today, the callers are responsible to wipe it
+ # prompt_tpm_owner_password caches the password until externally invalidated
+ shred -n 10 -z -u /tmp/secret/tpm_owner_password
+ :
+ die "Unable to create TPM counter" 2>/dev/null
+ }
 TPM_COUNTER=$(cut -d: -f1