Currently, we don't zero out the freemem region, and zero untrusted memory before we lock it.
All zeroing is a mitigation, and is not a requirement for security properties, but if we are going to do it we need to do it faster than a memset.
DMAing in from a zero device may be the fastest way to do this.
Currently, we don't zero out the freemem region, and zero untrusted memory before we lock it. All zeroing is a mitigation, and is not a requirement for security properties, but if we are going to do it we need to do it faster than a
memset
.DMAing in from a zero device may be the fastest way to do this.