diff options
| -rw-r--r-- | SecurityPkg/VariableAuthenticated/RuntimeDxe/AuthService.c | 48 |
1 files changed, 23 insertions, 25 deletions
diff --git a/SecurityPkg/VariableAuthenticated/RuntimeDxe/AuthService.c b/SecurityPkg/VariableAuthenticated/RuntimeDxe/AuthService.c index 7f9d531100..9b8f63f089 100644 --- a/SecurityPkg/VariableAuthenticated/RuntimeDxe/AuthService.c +++ b/SecurityPkg/VariableAuthenticated/RuntimeDxe/AuthService.c @@ -1359,36 +1359,34 @@ ProcessVariable ( IsDeletion = FALSE;
Status = EFI_SUCCESS;
- if (UserPhysicalPresent()) {
+ if (IsDeleteAuthVariable (Data, DataSize, Variable, Attributes) && UserPhysicalPresent()) {
//
// Allow the delete operation of common authenticated variable at user physical presence.
//
- if (IsDeleteAuthVariable (Data, DataSize, Variable, Attributes)) {
- if ((Attributes & EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS) != 0) {
- Status = DeleteCertsFromDb (VariableName, VendorGuid);
- }
- if (!EFI_ERROR (Status)) {
- Status = UpdateVariable (
- VariableName,
- VendorGuid,
- NULL,
- 0,
- 0,
- 0,
- 0,
- Variable,
- NULL
- );
- }
- return Status;
+ if ((Attributes & EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS) != 0) {
+ Status = DeleteCertsFromDb (VariableName, VendorGuid);
}
- } else {
- if (NeedPhysicallyPresent(VariableName, VendorGuid)) {
- //
- // This variable is protected, only physical present user could modify its value.
- //
- return EFI_SECURITY_VIOLATION;
+ if (!EFI_ERROR (Status)) {
+ Status = UpdateVariable (
+ VariableName,
+ VendorGuid,
+ NULL,
+ 0,
+ 0,
+ 0,
+ 0,
+ Variable,
+ NULL
+ );
}
+ return Status;
+ }
+
+ if (NeedPhysicallyPresent (VariableName, VendorGuid) && !UserPhysicalPresent()) {
+ //
+ // This variable is protected, only physical present user could modify its value.
+ //
+ return EFI_SECURITY_VIOLATION;
}
//
|