qmk · zvecr · May 14, 2022 · Apr 28, 2022 · Apr 28, 2022 · Apr 28, 2022
diff --git a/quantum/process_keycode/process_secure.c b/quantum/process_keycode/process_secure.c
@@ -7,7 +7,9 @@
 
 bool preprocess_secure(uint16_t keycode, keyrecord_t *record) {
     if (secure_is_unlocking()) {
-        if (!record->event.pressed) {
+        // !pressed will trigger on any already held keys (such as layer keys),
+        // and cause the request secure check to prematurely fail.
+        if (record->event.pressed) {
             secure_keypress_event(record->event.key.row, record->event.key.col);
         }
 
@@ -36,4 +38,4 @@ bool process_secure(uint16_t keycode, keyrecord_t *record) {
     }
 #endif
     return true;
-}
+}
diff --git a/quantum/quantum.c b/quantum/quantum.c
@@ -553,3 +553,16 @@ const char *get_u16_str(uint16_t curr_num, char curr_pad) {
     last_pad = curr_pad;
     return get_numeric_str(buf, sizeof(buf), curr_num, curr_pad);
 }
+
+#if defined(SECURE_ENABLE)
+__attribute__((weak)) bool secure_hook_user(secure_status_t secure_status) {
+    return true;
+}
+__attribute__((weak)) bool secure_hook_kb(secure_status_t secure_status) {
+    return secure_hook_user(secure_status);
+}
+
+void secure_hook_quantum(secure_status_t secure_status) {
+    secure_hook_kb(secure_status);
+}
+#endif
diff --git a/quantum/secure.c b/quantum/secure.c
@@ -3,6 +3,7 @@
 
 #include "secure.h"
 #include "timer.h"
+#include "action_layer.h"
 
 #ifndef SECURE_UNLOCK_TIMEOUT
 #    define SECURE_UNLOCK_TIMEOUT 5000
@@ -29,18 +30,26 @@ secure_status_t secure_get_status(void) {
 
 void secure_lock(void) {
     secure_status = SECURE_LOCKED;
+    secure_hook_quantum(secure_status);
 }
 
 void secure_unlock(void) {
     secure_status = SECURE_UNLOCKED;
     idle_time     = timer_read32();
+    secure_hook_quantum(secure_status);
 }
 
 void secure_request_unlock(void) {
     if (secure_status == SECURE_LOCKED) {
         secure_status = SECURE_PENDING;
         unlock_time   = timer_read32();
+        // If keys are being held when this is triggered, they may not be released properly
+        // this can result in stuck keys, mods and layers.  To prevent that, manually
+        // clear these, when it is triggered.
+        clear_keyboard();
+        layer_clear();
     }
+    secure_hook_quantum(secure_status);
 }
 
 void secure_activity_event(void) {

diff --git a/quantum/secure.h b/quantum/secure.h
@@ -65,3 +65,15 @@ void secure_keypress_event(uint8_t row, uint8_t col);
 /** \brief Handle various secure subsystem background tasks
  */
 void secure_task(void);
+
+/** \brief quantum hook called when changing secure status device
+ */
+void secure_hook_quantum(secure_status_t secure_status);
+
+/** \brief user hook called when changing secure status device
+ */
+bool secure_hook_user(secure_status_t secure_status);
+
+/** \brief keyboard hook called when changing secure status device
+ */
+bool secure_hook_kb(secure_status_t secure_status);