From 06ef27a718da94d1975bc618553f601fcfc1c0d5 Mon Sep 17 00:00:00 2001
From: Andrew Kozlik <andrew.kozlik@gmail.com>
Date: Mon, 11 Feb 2019 16:15:25 +0100
Subject: [PATCH] config: Erase HW_ENTROPY_DATA when no longer needed. This
 assumes that config.init() is called only once in production. For the
 emulator tests config.init() can be called repeatedly, since HW_ENTROPY_DATA
 is null-initialized to begin with.

---
 embed/extmod/modtrezorconfig/modtrezorconfig.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/embed/extmod/modtrezorconfig/modtrezorconfig.c b/embed/extmod/modtrezorconfig/modtrezorconfig.c
index 09730bd35..5d84d655b 100644
--- a/embed/extmod/modtrezorconfig/modtrezorconfig.c
+++ b/embed/extmod/modtrezorconfig/modtrezorconfig.c
@@ -27,6 +27,7 @@
 
 #include "storage.h"
 #include "common.h"
+#include "memzero.h"
 
 STATIC mp_obj_t ui_wait_callback = mp_const_none;
 
@@ -51,6 +52,7 @@ STATIC mp_obj_t mod_trezorconfig_init(size_t n_args, const mp_obj_t *args) {
     } else {
         storage_init(NULL, HW_ENTROPY_DATA, HW_ENTROPY_LEN);
     }
+    memzero(HW_ENTROPY_DATA, sizeof(HW_ENTROPY_DATA));
     return mp_const_none;
 }
 STATIC MP_DEFINE_CONST_FUN_OBJ_VAR_BETWEEN(mod_trezorconfig_init_obj, 0, 1, mod_trezorconfig_init);