Add submodule dependency filesHEADmaster

Change-Id: Iaf8d18082d3991dec7c0ebbea540f092188eb4ec

1 files changed, 19 insertions, 0 deletions

diff --git a/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/pyca-cryptography/docs/limitations.rst b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/pyca-cryptography/docs/limitations.rst
new file mode 100644
index 000000000..503bdfe48
--- /dev/null
+++ b/roms/edk2/CryptoPkg/Library/OpensslLib/openssl/pyca-cryptography/docs/limitations.rst
@@ -0,0 +1,19 @@
+Known security limitations
+--------------------------
+
+Lack of secure memory wiping
+============================
+
+`Memory wiping`_ is used to protect secret data or key material from attackers
+with access to uninitialized memory. This can be either because the attacker
+has some kind of local user access or because of how other software uses
+uninitialized memory.
+
+Python exposes no API for us to implement this reliably and as such almost all
+software in Python is potentially vulnerable to this attack. The
+`CERT secure coding guidelines`_ assesses this issue as "Severity: medium,
+Likelihood: unlikely, Remediation Cost: expensive to repair" and we do not
+consider this a high risk for most users.
+
+.. _`Memory wiping`:  https://blogs.msdn.microsoft.com/oldnewthing/20130529-00/?p=4223/
+.. _`CERT secure coding guidelines`: https://www.securecoding.cert.org/confluence/display/c/MEM03-C.+Clear+sensitive+information+stored+in+reusable+resources