also shred LUKS sealed secret when done instead of rm it

linuxboot · Feb 22, 2019 · dcb5b25 · dcb5b25
1 parent 5930e46
commit dcb5b25
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/initrd/bin/kexec-seal-key b/initrd/bin/kexec-seal-key
@@ -150,5 +150,5 @@ if ! tpm nv_writevalue \
 	|| die "Unable to write sealed secret to NVRAM"
 fi
 
-rm "$TPM_SEALED" \
+shred -n 10 -z -u "$TPM_SEALED" 2> /dev/null \
 || warn "Failed to delete the sealed secret - continuing"