1. Technical Field
The present invention relates to a system and method that securely clears secret data from computer system memory. More particularly, the present invention relates to a system and method that securely clears secret data that has been provided by a Trusted Platform Module (TPM).
2. Description of the Related Art
Security of sensitive data and intellectual property is of increased concern in modern computer systems. To address this concern, special security modules, such as a Trusted Platform Module (TPM) have been developed and incorporated in computer systems in order to perform various security and cryptographic functions. The security module (hereinafter, the TPM) releases sensitive (“secret”) data only when the requestor has been properly authenticated.
While the TPM is quite useful in releasing secrets only when proper authentication is provided, a challenge exists in ensuring that secrets, once released to authenticated requestors, are not compromised when the system is rebooted. For example, a requestor might store a secret in RAM that has been allocated to the requestor, but when the system is rebooted the RAM where the secret was stored no longer belongs to the original requestor and may fall into the hands of a malevolent user. One approach is to have requestors clean up (e.g., write over) the secret once the requestor is finished using it. A challenge to this approach is that the system can generally be rebooted at any time and, therefore, the requestor might not have the opportunity to clean up the memory where secrets are stored prior to a reboot. Another approach would be to clear (write over) all of the RAM every time the system is rebooted so that any secret data would be written over before the system could be used by a malevolent user. The substantial challenge to this approach is that modern systems often contain many megabytes of RAM and, consequently, this approach would often require a long time to clear all of the memory and would likely lead to user frustration and dissatisfaction in waiting so long before being able to use the system.
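The first approach above (the requestor writes over the secret itself) has a pitfall of its own: a plain memset() of a buffer that is never read again is a dead store the compiler may legally remove. The example below is added here and is not from the patent; it shows an overwrite that survives optimization, together with a small registry so that only the buffers known to hold TPM-released secrets are cleared in one call (for instance from a shutdown hook), rather than all of RAM. The names secure_wipe, secret_register and secret_wipe_all are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Added example, not part of the patent text. Names are hypothetical. */

/* Write zeros through a volatile pointer so the compiler cannot treat
 * the overwrite as a dead store and drop it (as it may for memset()
 * on memory that is never read again). */
static void secure_wipe(void *buf, size_t len) {
    volatile uint8_t *p = (volatile uint8_t *)buf;
    while (len--) *p++ = 0;
}

#define MAX_SECRETS 16
struct secret_ref { void *buf; size_t len; };
static struct secret_ref g_secrets[MAX_SECRETS];
static size_t g_nsecrets;

/* Record a buffer that received secret data from the TPM.
 * Returns 0 on success, -1 if the registry is full. */
int secret_register(void *buf, size_t len) {
    if (g_nsecrets >= MAX_SECRETS) return -1;
    g_secrets[g_nsecrets].buf = buf;
    g_secrets[g_nsecrets].len = len;
    g_nsecrets++;
    return 0;
}

/* Wipe every registered secret and forget it; returns the number of
 * bytes cleared. Only the tracked regions are touched, which is what
 * keeps this far cheaper than clearing all of memory. */
size_t secret_wipe_all(void) {
    size_t cleared = 0;
    for (size_t i = 0; i < g_nsecrets; i++) {
        secure_wipe(g_secrets[i].buf, g_secrets[i].len);
        cleared += g_secrets[i].len;
    }
    g_nsecrets = 0;
    return cleared;
}

/* Verification helper: 1 if every byte of buf is zero, else 0. */
int is_all_zero(const void *buf, size_t len) {
    const uint8_t *p = buf;
    for (size_t i = 0; i < len; i++) if (p[i]) return 0;
    return 1;
}
```

The registry does not by itself solve the reboot problem the text describes (a reboot can still arrive before secret_wipe_all() runs); it only makes the clean-up cheap and reliable when it does run.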