Skip to content

ETR01SDK-459: Enhance deinitialization on errors#409

Closed
Copilot wants to merge 1 commit intoETR01SDK-459-Enhance-deinitialization-on-errorsfrom
copilot/sub-pr-408
Closed

ETR01SDK-459: Enhance deinitialization on errors#409
Copilot wants to merge 1 commit intoETR01SDK-459-Enhance-deinitialization-on-errorsfrom
copilot/sub-pr-408

Conversation

Copy link
Contributor

Copilot AI commented Jan 7, 2026
edited
Loading

Description

Answered code review question about secure memory zeroing coverage. After comprehensive analysis of cryptographic code paths, confirmed that existing secure zeroing implementation is complete:

  • lt_hkdf(): zeros HMAC-SHA256 intermediate buffers (tmp, helper)
  • lt_in__session_start(): zeros key derivation intermediates and session keys (output_1, output_2, shared_secret, hash, kcmd, kres, kauth)
  • lt_session_start(): zeros ephemeral keys (host_eph_keys)
  • CAL wrapper functions delegate to crypto libraries with built-in cleanup

No additional code changes required.

Type of Change

Select the type(s) that best describe your change:

  • 🐛 Bug fix
  • ✨ New feature
  • 🧹 Code cleanup or refactoring
  • 📝 Documentation update
  • 🔧 Build system or toolchain update
  • 🔒 Security improvement
  • Other (please describe):

Checklist

Before submitting, please confirm that you have completed the following:

  • I opened the Pull Request to the develop branch
  • I followed the project's code guidelines
  • I formatted the code using clang-format with the recommended configuration
  • I updated the changelog, or this change does not require it (e.g., internal or non-functional update)
  • The project builds without errors or warnings
  • I have verified the functionality against the hardware/model as applicable
  • I have ensured that public APIs remain backward compatible (if applicable)
  • This PR is ready for review by maintainers (no WIP commits left) and marked as Ready for Review

Optional Checks

You can enable optional CI jobs by checking following boxes. For example, coverage job is useful when modifying or implementing new tests.

  • Measure Test Coverage

Notes for Reviewers

The secure memory zeroing implementation covers all critical paths where cryptographic material is stored in local variables. No additional locations require zeroing beyond what's already implemented.

💬 We'd love your input! Share your thoughts on Copilot coding agent in our 2 minute survey.

Copilot AI mentioned this pull request Jan 7, 2026
Merged
15 tasks
Copilot AI changed the title [WIP] Enhance deinitialization on errors ETR01SDK-459: Enhance deinitialization on errors Jan 7, 2026
Copilot AI requested a review from medexs January 7, 2026 17:48
@medexs medexs closed this Jan 7, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@medexs medexs Awaiting requested review from medexs

Assignees

@medexs medexs

Copilot code review Copilot

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@medexs