Re: memcpy is leaking secret data through ZMM vector registers

On Fri, 19 Apr 2024, H.J. Lu wrote:

> You should write your own memory copy function and compile it with
> -fzero-call-used-regs if possible.
> 
> -- 
> H.J.

This would work - but I looked at OpenSSL and it seems to suffer from the 
same problem as libdevmapper.

OpenSSL uses plain memcpy, it overwrites memory before freeing it, but it 
doesn't overwrite the YMM and ZMM registers.

So, it seems like overkill to add a special memcpy implementation to every 
library that manipulates sensitive data. It may be better to have some 
general solution. There's already "explicit_bzero", so maybe we could add 
"explicit_memcpy" or "secure_memcpy"?

Mikulas
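
The suggestion quoted in this message, sketched as an added example that is not part of the original post or of glibc, OpenSSL or libdevmapper: a copy routine that never touches vector registers and clears its call-used registers on return. The name `secure_memcpy` is hypothetical (borrowed from the proposal above), and the attribute assumes GCC 11+ or Clang 15+.

```c
#include <stddef.h>
#include <string.h>

/* Function-attribute form of -fzero-call-used-regs, used when the compiler
 * offers it; otherwise build this file with the command-line option. */
#if defined(__has_attribute)
#  if __has_attribute(zero_call_used_regs)
#    define ZERO_REGS __attribute__((zero_call_used_regs("all")))
#  endif
#endif
#ifndef ZERO_REGS
#  define ZERO_REGS
#endif

/* Hypothetical helper. The volatile accesses force one byte load and one
 * byte store per iteration, so the compiler cannot vectorize the loop or
 * turn it into a call to the library memcpy. noinline keeps the register
 * zeroing at this function's own return instead of losing it to inlining. */
ZERO_REGS __attribute__((noinline))
void *secure_memcpy(void *dst, const void *src, size_t n)
{
    volatile unsigned char *d = dst;
    const volatile unsigned char *s = src;
    while (n--)
        *d++ = *s++;
    return dst;
}

/* Constructed sample: a fake 64-byte key copied to an unaligned offset.
 * memset/memcmp are used only to check the result of the test data. */
int secure_memcpy_selftest(void)
{
    unsigned char key[64], out[80];
    for (size_t i = 0; i < sizeof key; i++)
        key[i] = (unsigned char)(i * 7 + 1);
    memset(out, 0xAA, sizeof out);
    if (secure_memcpy(out + 3, key, sizeof key) != out + 3)
        return 1;               /* must return dst like memcpy */
    if (memcmp(out + 3, key, sizeof key) != 0)
        return 2;               /* payload must match */
    if (out[2] != 0xAA || out[67] != 0xAA)
        return 3;               /* bytes around dst must be untouched */
    return 0;
}

int main(void) { return secure_memcpy_selftest(); }
```

Disassembling the object file (for example with `objdump -d`) shows whether the compiled loop really avoids vector instructions on a given toolchain and flag set.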




