diff --git a/SecurityPkg/Library/AuthVariableLib/AuthService.c b/SecurityPkg/Library/AuthVariableLib/AuthService.c index 1d49b6a16e..6e1e284801 100644 --- a/SecurityPkg/Library/AuthVariableLib/AuthService.c +++ b/SecurityPkg/Library/AuthVariableLib/AuthService.c @@ -931,7 +931,7 @@ ProcessVarWithPk ( // Init state of Del. State may change due to secure check // Del = FALSE; - if ((InCustomMode() && mUserPhysicalPresent) || (mPlatformMode == SETUP_MODE && !IsPk)) { + if ((InCustomMode() && UserPhysicalPresent()) || (mPlatformMode == SETUP_MODE && !IsPk)) { Payload = (UINT8 *) Data + AUTHINFO2_SIZE (Data); PayloadSize = DataSize - AUTHINFO2_SIZE (Data); if (PayloadSize == 0) { @@ -1049,7 +1049,7 @@ ProcessVarWithKek ( } Status = EFI_SUCCESS; - if (mPlatformMode == USER_MODE && !(InCustomMode() && mUserPhysicalPresent)) { + if (mPlatformMode == USER_MODE && !(InCustomMode() && UserPhysicalPresent())) { // // Time-based, verify against X509 Cert KEK. // @@ -1204,7 +1204,7 @@ ProcessVariable ( &OrgVariableInfo ); - if ((!EFI_ERROR (Status)) && IsDeleteAuthVariable (OrgVariableInfo.Attributes, Data, DataSize, Attributes) && mUserPhysicalPresent) { + if ((!EFI_ERROR (Status)) && IsDeleteAuthVariable (OrgVariableInfo.Attributes, Data, DataSize, Attributes) && UserPhysicalPresent()) { // // Allow the delete operation of common authenticated variable at user physical presence. // @@ -1222,7 +1222,7 @@ ProcessVariable ( return Status; } - if (NeedPhysicallyPresent (VariableName, VendorGuid) && !mUserPhysicalPresent) { + if (NeedPhysicallyPresent (VariableName, VendorGuid) && !UserPhysicalPresent()) { // // This variable is protected, only physical present user could modify its value. // diff --git a/SecurityPkg/Library/AuthVariableLib/AuthServiceInternal.h b/SecurityPkg/Library/AuthVariableLib/AuthServiceInternal.h index ac7ea89a80..e7c4bf043d 100644 --- a/SecurityPkg/Library/AuthVariableLib/AuthServiceInternal.h +++ b/SecurityPkg/Library/AuthVariableLib/AuthServiceInternal.h @@ -128,7 +128,6 @@ extern UINT8 *mCertDbStore; extern UINT32 mMaxCertDbSize; extern UINT32 mPlatformMode; extern UINT8 mVendorKeyState; -extern BOOLEAN mUserPhysicalPresent; extern VOID *mHashCtx; diff --git a/SecurityPkg/Library/AuthVariableLib/AuthVariableLib.c b/SecurityPkg/Library/AuthVariableLib/AuthVariableLib.c index dd35a44409..c4fbb649f1 100644 --- a/SecurityPkg/Library/AuthVariableLib/AuthVariableLib.c +++ b/SecurityPkg/Library/AuthVariableLib/AuthVariableLib.c @@ -35,7 +35,6 @@ UINT8 *mCertDbStore; UINT32 mMaxCertDbSize; UINT32 mPlatformMode; UINT8 mVendorKeyState; -BOOLEAN mUserPhysicalPresent; EFI_GUID mSignatureSupport[] = {EFI_CERT_SHA1_GUID, EFI_CERT_SHA256_GUID, EFI_CERT_RSA2048_GUID, EFI_CERT_X509_GUID}; @@ -436,12 +435,6 @@ AuthVariableLibInitialize ( AuthVarLibContextOut->AddressPointer = mAuthVarAddressPointer; AuthVarLibContextOut->AddressPointerCount = sizeof (mAuthVarAddressPointer) / sizeof (mAuthVarAddressPointer[0]); - // - // Cache UserPhysicalPresent State. - // Platform should report PhysicalPresent before this point - // - mUserPhysicalPresent = UserPhysicalPresent(); - return Status; }