summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--SecurityPkg/VariableAuthenticated/RuntimeDxe/AuthService.c48
1 files changed, 23 insertions, 25 deletions
diff --git a/SecurityPkg/VariableAuthenticated/RuntimeDxe/AuthService.c b/SecurityPkg/VariableAuthenticated/RuntimeDxe/AuthService.c
index 7f9d531100..9b8f63f089 100644
--- a/SecurityPkg/VariableAuthenticated/RuntimeDxe/AuthService.c
+++ b/SecurityPkg/VariableAuthenticated/RuntimeDxe/AuthService.c
@@ -1359,36 +1359,34 @@ ProcessVariable (
IsDeletion = FALSE;
Status = EFI_SUCCESS;
- if (UserPhysicalPresent()) {
+ if (IsDeleteAuthVariable (Data, DataSize, Variable, Attributes) && UserPhysicalPresent()) {
//
// Allow the delete operation of common authenticated variable at user physical presence.
//
- if (IsDeleteAuthVariable (Data, DataSize, Variable, Attributes)) {
- if ((Attributes & EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS) != 0) {
- Status = DeleteCertsFromDb (VariableName, VendorGuid);
- }
- if (!EFI_ERROR (Status)) {
- Status = UpdateVariable (
- VariableName,
- VendorGuid,
- NULL,
- 0,
- 0,
- 0,
- 0,
- Variable,
- NULL
- );
- }
- return Status;
+ if ((Attributes & EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS) != 0) {
+ Status = DeleteCertsFromDb (VariableName, VendorGuid);
}
- } else {
- if (NeedPhysicallyPresent(VariableName, VendorGuid)) {
- //
- // This variable is protected, only physical present user could modify its value.
- //
- return EFI_SECURITY_VIOLATION;
+ if (!EFI_ERROR (Status)) {
+ Status = UpdateVariable (
+ VariableName,
+ VendorGuid,
+ NULL,
+ 0,
+ 0,
+ 0,
+ 0,
+ Variable,
+ NULL
+ );
}
+ return Status;
+ }
+
+ if (NeedPhysicallyPresent (VariableName, VendorGuid) && !UserPhysicalPresent()) {
+ //
+ // This variable is protected, only physical present user could modify its value.
+ //
+ return EFI_SECURITY_VIOLATION;
}
//