CR50: zeroize manufacture related structs prior to use

Zeroize structs are only partially populated by the caller.

BRANCH=none
BUG=chrome-os-partner:43025,chrome-os-partner:47524
BUG=chrome-os-partner:50115,chrome-os-partner:55260
TEST=build succeeds

Change-Id: I82a0758bedcf7f0565c8a541dfdc49c6bc0e9d0c
Signed-off-by: nagendra modadugu <ngm@google.com>
Reviewed-on: https://chromium-review.googlesource.com/360953
Tested-by: Vadim Bendebury <vbendeb@chromium.org>
Reviewed-by: Vadim Bendebury <vbendeb@chromium.org>
Commit-Queue: Vadim Bendebury <vbendeb@chromium.org>

1 files changed, 5 insertions, 2 deletions

diff --git a/board/cr50/tpm2/manufacture.c b/board/cr50/tpm2/manufacture.c
index c31766ebd5..c8b3663c91 100644
--- a/board/cr50/tpm2/manufacture.c
+++ b/board/cr50/tpm2/manufacture.c
@@ -385,6 +385,11 @@ static int store_cert(enum cros_perso_component_type component_type,
 	TPMA_NV space_attributes;
 	NV_Write_In in;
 
+	/* Clear up structures potentially uszed only partially. */
+	memset(&define_space, 0, sizeof(define_space));
+	memset(&space_attributes, 0, sizeof(space_attributes));
+	memset(&in, 0, sizeof(in));
+
 	/* Indicate that a system reset has occurred, and currently
 	 * running with Platform auth.
 	 */
@@ -395,8 +400,6 @@ static int store_cert(enum cros_perso_component_type component_type,
 	else   /* P256 certificate. */
 		nv_index = ecc_ek_nv_index;
 
-	memset(&space_attributes, 0, sizeof(space_attributes));
-
 	/* Writeable under platform auth. */
 	space_attributes.TPMA_NV_PPWRITE = 1;
 	/* Not modifyable by OWNER; require PLATFORM auth. */