diff --git a/SecurityPkg/Library/AuthVariableLib/AuthService.c b/SecurityPkg/Library/AuthVariableLib/AuthService.c index 6e1e284801..b013d420f6 100644 --- a/SecurityPkg/Library/AuthVariableLib/AuthService.c +++ b/SecurityPkg/Library/AuthVariableLib/AuthService.c @@ -2100,7 +2100,7 @@ CleanCertsFromDb ( &AuthVariableInfo ); - if (EFI_ERROR(Status)) { + if (EFI_ERROR(Status) || (AuthVariableInfo.Attributes & EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS) == 0) { Status = DeleteCertsFromDb( VariableName, &AuthVarGuid,