rollback: Clear temporary copies of rollback secret.

After working with temporary copies of rollback secret, clear them using
always_memset() in third_party/cryptoc/util.c. For boards that have
CONFIG_ROLLBACK_SECRET_SIZE, configure CONFIG_LIBCRYPTOC automatically.

BRANCH=nocturne
BUG=chromium:968809,chromium:989594,b:130238794
TEST=make -j buildall
TEST=tested fingerprint enrollment and matching on nocturne DUT, which
uses rollback_get_secret().

Change-Id: I44fb5ef7d43c080e4d33c8d9a7d9298e194e1cf3
Signed-off-by: Yicheng Li <yichengli@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/1731544
Reviewed-by: Tom Hughes <tomhughes@chromium.org>

1 files changed, 9 insertions, 0 deletions

diff --git a/include/config.h b/include/config.h
index d3547dde72..9ddd8ff03b 100644
--- a/include/config.h
+++ b/include/config.h
@@ -4604,6 +4604,15 @@
 
 /*****************************************************************************/
 /*
+ * Define CONFIG_LIBCRYPTOC if a board needs to read secret data from the
+ * anti-rollback block.
+ */
+#ifdef CONFIG_ROLLBACK_SECRET_SIZE
+#define CONFIG_LIBCRYPTOC
+#endif
+
+/*****************************************************************************/
+/*
  * Handle task-dependent configs.
  *
  * This prevent sub-modules from being compiled when the task and parent module