config: Erase HW_ENTROPY_DATA when no longer needed. This assumes that config.init() is called only once in production. For the emulator tests config.init() can be called repeatedly, since HW_ENTROPY_DATA is null-initialized to begin with.

5 years ago · 06ef27a718
parent fd6eb333a6
commit 06ef27a718
1 changed files with 2 additions and 0 deletions
--- a/embed/extmod/modtrezorconfig/modtrezorconfig.c
+++ b/embed/extmod/modtrezorconfig/modtrezorconfig.c
@ -27,6 +27,7 @@

 #include "storage.h"
 #include "common.h"
+#include "memzero.h"

 STATIC mp_obj_t ui_wait_callback = mp_const_none;

@ -51,6 +52,7 @@ STATIC mp_obj_t mod_trezorconfig_init(size_t n_args, const mp_obj_t *args) {
    } else {
        storage_init(NULL, HW_ENTROPY_DATA, HW_ENTROPY_LEN);
    }
+    memzero(HW_ENTROPY_DATA, sizeof(HW_ENTROPY_DATA));
    return mp_const_none;
 }
 STATIC MP_DEFINE_CONST_FUN_OBJ_VAR_BETWEEN(mod_trezorconfig_init_obj, 0, 1, mod_trezorconfig_init);