Add more protection to mbedtls_platform_zeroize

Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>

library/platform_util.c

@@ -125,6 +125,15 @@ void mbedtls_platform_zeroize(void *buf, size_t len)
         SecureZeroMemory(buf, len);
 #else
         memset_func(buf, 0, len);
+#endif
+
+#if defined(__GNUC__)
+        /* For clang and gcc, pretend that we have some assembly that reads the
+         * zero'd memory as an additional protection against being optimised away. */
+#pragma clang diagnostic push
+#pragma clang diagnostic ignored "-Wvla"
+        asm volatile ("" : : "m" (*(char (*)[len]) buf) : );
+#pragma clang diagnostic pop
 #endif
     }
 }