summaryrefslogtreecommitdiffstats
path: root/SecurityPkg
diff options
context:
space:
mode:
authorZhichao Gao <zhichao.gao@intel.com>2019-05-13 10:48:27 +0800
committerJian J Wang <jian.j.wang@intel.com>2019-05-15 13:00:37 +0800
commite90ea9470a88661946d8489c3a31640eab096a9a (patch)
tree2ddffc5e4514b75e3b6f49d8c8b65a95d0d6c374 /SecurityPkg
parent4000f249ba5c177b53e91b9435a4420f8e4f5d6f (diff)
downloadedk2-e90ea9470a88661946d8489c3a31640eab096a9a.tar.gz
edk2-e90ea9470a88661946d8489c3a31640eab096a9a.tar.bz2
edk2-e90ea9470a88661946d8489c3a31640eab096a9a.zip
SecurityPkg/AuthSeriableLib: Always delete variable in certdb
REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1783 While cleaning the certdb, always delete the variable data in the certdb regardless of its attribute. Cc: Chao Zhang <chao.b.zhang@intel.com> Cc: Jiewen Yao <jiewen.yao@intel.com> Cc: Jian Wang <jian.j.wang@intel.com> Cc: Star Zeng <star.zeng@intel.com> Cc: Liming Gao <liming.gao@intel.com> Signed-off-by: Zhichao Gao <zhichao.gao@intel.com> Reviewed-by: Chao Zhang <chao.b.zhang@intel.com>
Diffstat (limited to 'SecurityPkg')
-rw-r--r--SecurityPkg/Library/AuthVariableLib/AuthService.c7
1 files changed, 5 insertions, 2 deletions
diff --git a/SecurityPkg/Library/AuthVariableLib/AuthService.c b/SecurityPkg/Library/AuthVariableLib/AuthService.c
index 7493a2ed9c..486df55bed 100644
--- a/SecurityPkg/Library/AuthVariableLib/AuthService.c
+++ b/SecurityPkg/Library/AuthVariableLib/AuthService.c
@@ -18,7 +18,7 @@
They will do basic validation for authentication data structure, then call crypto library
to verify the signature.
-Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR>
+Copyright (c) 2009 - 2019, Intel Corporation. All rights reserved.<BR>
SPDX-License-Identifier: BSD-2-Clause-Patent
**/
@@ -1735,10 +1735,13 @@ CleanCertsFromDb (
);
if (EFI_ERROR(Status) || (AuthVariableInfo.Attributes & EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS) == 0) {
+ //
+ // While cleaning certdb, always delete the variable in certdb regardless of it attributes.
+ //
Status = DeleteCertsFromDb(
VariableName,
&AuthVarGuid,
- AuthVariableInfo.Attributes
+ AuthVariableInfo.Attributes | EFI_VARIABLE_NON_VOLATILE
);
CertCleaned = TRUE;
DEBUG((EFI_D_INFO, "Recovery!! Cert for Auth Variable %s Guid %g is removed for consistency\n", VariableName, &AuthVarGuid));