xref: /aosp_15_r20/external/coreboot/Documentation/security/memory_clearing.md (revision b9411a12aaaa7e1e6a6fb7c5e057f44ee179a49c)
1# Memory clearing
2
3The main memory on computer platforms in high security environments contains
4sensible data. On unexpected reboot the data might persist and could be
5read by a malicious application in the bootflow or userspace.
6
7In order to prevent leaking information from pre-reset, the boot firmware can
8clear the main system memory on boot, wiping all information.
9
10A common API indicates if the main memory has to be cleared. That could be
11on user request or by a Trusted Execution Environment indicating that secrets
12are in memory.
13
14As every platform has different bring-up mechanisms and memory-layouts, every
15The device must indicate support for memory clearing as part of the boot
16process.
17
18## Requirements
19
201. The platform must clear all platform memory (DRAM) if requested
212. Code that is placed in DRAM might be skipped (as workaround)
223. Stack that is placed in DRAM might be skipped (as workaround)
234. All DRAM is cleared with zeros
24
25## Implementation
26
27A platform that supports memory clearing selects Kconfig
28``PLATFORM_HAS_DRAM_CLEAR`` and calls
29
30```C
31bool security_clear_dram_request(void);
32```
33
34to detect if memory should be cleared.
35
36The memory is cleared in ramstage as part of `DEV_INIT` stage. It's possible to
37clear it earlier on some platforms, but on x86 MTRRs needs to be programmed
38first, which happens in `DEV_INIT`.
39
40Without MTRRs (and caches enabled) clearing memory takes multiple seconds.
41## Exceptions
42
43As some platforms place code and stack in DRAM (FSP1.0), the regions can be
44skipped.
45
46## Architecture specific implementations
47
48```{toctree}
49:maxdepth: 1
50
51x86 PAE <../arch/x86/pae.md>
52```
53