1# Memory clearing 2 3The main memory on computer platforms in high security environments contains 4sensible data. On unexpected reboot the data might persist and could be 5read by a malicious application in the bootflow or userspace. 6 7In order to prevent leaking information from pre-reset, the boot firmware can 8clear the main system memory on boot, wiping all information. 9 10A common API indicates if the main memory has to be cleared. That could be 11on user request or by a Trusted Execution Environment indicating that secrets 12are in memory. 13 14As every platform has different bring-up mechanisms and memory-layouts, every 15The device must indicate support for memory clearing as part of the boot 16process. 17 18## Requirements 19 201. The platform must clear all platform memory (DRAM) if requested 212. Code that is placed in DRAM might be skipped (as workaround) 223. Stack that is placed in DRAM might be skipped (as workaround) 234. All DRAM is cleared with zeros 24 25## Implementation 26 27A platform that supports memory clearing selects Kconfig 28``PLATFORM_HAS_DRAM_CLEAR`` and calls 29 30```C 31bool security_clear_dram_request(void); 32``` 33 34to detect if memory should be cleared. 35 36The memory is cleared in ramstage as part of `DEV_INIT` stage. It's possible to 37clear it earlier on some platforms, but on x86 MTRRs needs to be programmed 38first, which happens in `DEV_INIT`. 39 40Without MTRRs (and caches enabled) clearing memory takes multiple seconds. 41## Exceptions 42 43As some platforms place code and stack in DRAM (FSP1.0), the regions can be 44skipped. 45 46## Architecture specific implementations 47 48```{toctree} 49:maxdepth: 1 50 51x86 PAE <../arch/x86/pae.md> 52``` 53