Closed dingelish closed 2 months ago
The only thing in the public API that would allow for this is impl'ing a Default
of [0xff; N]
and using DefaultIsZeroes
, though that seems a bit suboptimal.
Otherwise you could do a two-pass approach where you first use zeroize
to zero memory, then write 0xff
over it, though it's possible the latter could be elided.
Or you could just copy the internal zeroize
strategy rather than using it directly, and do a volatile write of 0xff
to all of the bytes.
On a slightly relevant note, once I had to deal with requirement to do erasure of sensitive data with pseudorandom data. I know it's a somewhat stupid requirement, but I had no choice but to do it.
Thanks for the advices! They're pretty useful. I decide to add one more line after zeroize()
to fill it up with 0xFF
. If it's elided, the guest driver doesn't work and we can quickly identify that during testing. Problem solved!
Hi there,
I'm working on a firmware where the key needs to be wiped out. However the linux kernel checks if it is all zero. I want to bypass that check. The way I'm using is to overwrite the buffer with 0xFF. Can I do it with the current zeroize crate? Thanks!