If a KEK is given to keywrap/unwrap, zero it out of the keywrap core after use.

The key-export mechanism unwraps the key with the KEK from Master Key
Memory, then re-wraps it with a random KEK. If that random KEK stays in
the keywrap core, it will cause problems for all subsequent wrap/unwrap
operations.

0 files changed, 0 insertions, 0 deletions