From b3a6c285c8ac8596a654571023132bcbf5c754c9 Mon Sep 17 00:00:00 2001
From: Thierry Laurion
Date: Fri, 22 Feb 2019 10:48:00 -0500
Subject: [PATCH] also shred LUKS key when done instead of rm it

---
 initrd/bin/kexec-seal-key | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/initrd/bin/kexec-seal-key b/initrd/bin/kexec-seal-key
index f574b558..c96dc637 100755
--- a/initrd/bin/kexec-seal-key
+++ b/initrd/bin/kexec-seal-key
@@ -117,7 +117,7 @@ tpm sealfile2 \
 -ix 7 X \
 || die "Unable to seal secret"
 
-rm -f "$KEY_FILE" \
+shred -n 10 -z -u "$KEY_FILE" 2> /dev/null \
 || die "Failed to delete key file"
 
 # try it without the owner password first
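Review bot: When `shred` fails on the new line, the plaintext LUKS key file is left in place and `2> /dev/null` hides the reason. Unlike `rm -f`, `shred` also errors if the file is already gone or not writable, so the `die` path can now trigger where it did not before. Consider dropping the redirect and falling back to unlinking before giving up, e.g. `shred -n 10 -z -u "$KEY_FILE" || rm -f "$KEY_FILE" \` ahead of the existing `|| die "Failed to delete key file"`. Where `$KEY_FILE` lives is not visible in this hunk: on a RAM-backed filesystem a single pass is enough, and on flash or copy-on-write storage overwriting in place gives no guarantee. A short comment stating which assumption holds would help.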