also shred LUKS key when done instead of rm it

2025-02-20 17:22:53 +00:00 · 2019-02-22 10:48:00 -05:00 · 2019-02-22 10:48:00 -05:00 · b3a6c285c8
commit b3a6c285c8
parent 9fbfb41a71
1 changed files with 1 additions and 1 deletions
--- a/initrd/bin/kexec-seal-key
+++ b/initrd/bin/kexec-seal-key
@ -117,7 +117,7 @@ tpm sealfile2 \
 	-ix 7 X \
 || die "Unable to seal secret"

-rm -f "$KEY_FILE" \
+shred -n 10 -z -u "$KEY_FILE" 2> /dev/null \
 || die "Failed to delete key file"

 # try it without the owner password first