SecurityPkg/AuthSeriableLib: Always delete variable in certdb

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1783

While cleaning the certdb, always delete the variable data in
the certdb regardless of its attribute.

Cc: Chao Zhang <chao.b.zhang@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian Wang <jian.j.wang@intel.com>
Cc: Star Zeng <star.zeng@intel.com>
Cc: Liming Gao <liming.gao@intel.com>
Signed-off-by: Zhichao Gao <zhichao.gao@intel.com>
Reviewed-by: Chao Zhang <chao.b.zhang@intel.com>
Zhichao Gao 2019-05-13 10:48:27 +08:00 committed by Jian J Wang
parent 4000f249ba
commit e90ea9470a
1 changed files with 5 additions and 2 deletions

@ -18,7 +18,7 @@
They will do basic validation for authentication data structure, then call crypto library
to verify the signature.
Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR>
Copyright (c) 2009 - 2019, Intel Corporation. All rights reserved.<BR>
SPDX-License-Identifier: BSD-2-Clause-Patent
**/
@ -1735,10 +1735,13 @@ CleanCertsFromDb (
);
if (EFI_ERROR(Status) || (AuthVariableInfo.Attributes & EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS) == 0) {
//
// While cleaning certdb, always delete the variable in certdb regardless of it attributes.
//
Status = DeleteCertsFromDb(
VariableName,
&AuthVarGuid,
AuthVariableInfo.Attributes
AuthVariableInfo.Attributes | EFI_VARIABLE_NON_VOLATILE
);
CertCleaned = TRUE;
DEBUG((EFI_D_INFO, "Recovery!! Cert for Auth Variable %s Guid %g is removed for consistency\n", VariableName, &AuthVarGuid));
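Review bot: In the CleanCertsFromDb hunk, the Status returned by DeleteCertsFromDb is assigned but not checked in the lines shown: CertCleaned = TRUE and the "is removed for consistency" DEBUG message follow unconditionally, so a failed delete would still be logged and flagged as a completed cleanup. Consider gating both on !EFI_ERROR (Status) and reporting the failure separately. The added comment states the intent but not the mechanism; a sentence on why OR-ing EFI_VARIABLE_NON_VOLATILE into the attributes makes the delete unconditional would help, particularly because this branch is also entered when EFI_ERROR(Status) is true, in which case AuthVariableInfo.Attributes may not hold a meaningful value. Minor: "regardless of it attributes" should read "its attributes".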