[Cryptech-Commits] [sw/libhal] 03/03: Correctly mark "unsecure" KEK as erased.

[git at cryptech.is]

This is an automated email from the git hooks/post-receive script.

paul at psgd.org pushed a commit to branch master
in repository sw/libhal.

commit 12a3c63b75044b207dd7982ce3ed170231bd4467
Author: Paul Selkirk <paul at psgd.org>
AuthorDate: Sun Oct 15 21:36:57 2017 -0400

    Correctly mark "unsecure" KEK as erased.
---
 ks.h       | 1 +
 ks_token.c | 2 +-
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/ks.h b/ks.h
index b95216d..7bfdd61 100644
--- a/ks.h
+++ b/ks.h
@@ -139,6 +139,7 @@ typedef struct {
 #endif
 } hal_ks_pin_block_t;
 
+#define FLASH_KEK_NOT_SET 0
 #define FLASH_KEK_SET   0x33333333
 
 /*
diff --git a/ks_token.c b/ks_token.c
index a6cad0e..b96d279 100644
--- a/ks_token.c
+++ b/ks_token.c
@@ -640,7 +640,7 @@ hal_error_t hal_mkm_flash_erase(const size_t len)
 
   hal_ks_pin_block_t new_data = block->pin;
 
-  new_data.kek_set = FLASH_KEK_SET;
+  new_data.kek_set = FLASH_KEK_NOT_SET;
   memset(new_data.kek, 0, len);
 
   err = update_pin_block(b, block, &new_data);