ref: 60b1a2f82dc96b254d6dec1bfd1c14ca056c21dd
parent: bd43bd6f1ae1b1ec7ee6873d9fd6766b049802e9
author: cinap_lenrek <cinap_lenrek@felloff.net>
date: Sat Apr 8 16:30:47 EDT 2023
kernel: Clear secrets on reboot The idea is that when we reboot, we zero out memory written by processes that have the private flag set (such as factotum and keyfs), and also clear the secrmem pool, which contains TLS keys and the state of the random number generator. This is so the newly booted kernel or firmware will not find these secret keys in memory.