From 8b0cb8be65f12e8ff3247e857e9637a8fc6f407b Mon Sep 17 00:00:00 2001
From: NIIBE Yutaka <gniibe@fsij.org>
Date: Tue, 13 Mar 2018 14:05:18 +0900
Subject: [PATCH] factory-reset should erase all upgrade public keys.

---
 ChangeLog   | 5 +++++
 src/flash.c | 8 +++++++-
 2 files changed, 12 insertions(+), 1 deletion(-)

diff --git a/ChangeLog b/ChangeLog
index c1b5fcc..fa12ced 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,8 @@
+2018-03-13  NIIBE Yutaka  <gniibe@fsij.org>
+
+	* src/flash.c [FLASH_UPGRADE_SUPPORT] (flash_terminate): Erase
+	the page for upgrade public keys.
+
 2018-02-12  NIIBE Yutaka  <gniibe@fsij.org>
 
 	* src/openpgp-do.c (rw_kdf): Return 0 when NULL.
diff --git a/src/flash.c b/src/flash.c
index 9fbad9d..f9e3c5a 100644
--- a/src/flash.c
+++ b/src/flash.c
@@ -1,7 +1,7 @@
 /*
  * flash.c -- Data Objects (DO) and GPG Key handling on Flash ROM
  *
- * Copyright (C) 2010, 2011, 2012, 2013, 2014, 2015, 2016, 2017
+ * Copyright (C) 2010, 2011, 2012, 2013, 2014, 2015, 2016, 2017, 2018
  *               Free Software Initiative of Japan
  * Author: NIIBE Yutaka <gniibe@fsij.org>
  *
@@ -157,6 +157,12 @@ flash_terminate (void)
 {
   int i;
 
+#ifdef FLASH_UPGRADE_SUPPORT
+  const uint8_t *p;
+
+  p = gpg_get_firmware_update_key (0);
+  flash_erase_page ((uintptr_t)p);
+#endif
   for (i = 0; i < 3; i++)
     flash_erase_page ((uintptr_t)flash_key_getpage (i));
   flash_erase_page ((uintptr_t)FLASH_ADDR_DATA_STORAGE_START);