pvmfw: Zeroize BCC before jumping to payload
As the BCC contains secrets used by pvmfw, zeroize it (and flush to PoU)
to ensure that we don't leak those secrets to the payload.
Bug: 256827715
Test: Read BCC from payload
Change-Id: I38a4296e51c18936b9d42da8e76517fc99a2b98f
diff --git a/pvmfw/src/entry.rs b/pvmfw/src/entry.rs
index bffc140..c527e22 100644
--- a/pvmfw/src/entry.rs
+++ b/pvmfw/src/entry.rs
@@ -247,7 +247,7 @@
// This wrapper allows main() to be blissfully ignorant of platform details.
crate::main(slices.fdt, slices.kernel, slices.ramdisk, &bcc, &mut memory)?;
- // TODO: Overwrite BCC before jumping to payload to avoid leaking our sealing key.
+ helpers::flushed_zeroize(bcc_slice);
info!("Expecting a bug making MMIO_GUARD_UNMAP return NOT_SUPPORTED on success");
memory.mmio_unmap_all().map_err(|e| {
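Review bot: the `helpers::flushed_zeroize(bcc_slice);` call sits directly after `crate::main(...)?;`, so when `main` returns an error the `?` leaves the function early and the BCC is never wiped. If any error path can leave this memory readable by later code, bind the result of `crate::main` first, call `flushed_zeroize` unconditionally, and only then propagate the error. Separately, `main` is given `&bcc` while the wipe targets `bcc_slice`. Please confirm that `bcc` is a view over `bcc_slice` rather than a copy that would survive the wipe. The removed TODO should also be replaced with a short comment saying why the wipe happens at this point (the sealing key must not reach the payload).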