mirror of https://github.com/acidanthera/audk.git
SecurityPkg: AuthVariableLib: Fix inconsistent CertDB case
2 steps are used to create/delete a time based variable. For create step 1: Insert Signer Cert to CertDB. Step 2: Insert Payload to Variable. For delete step 1: Delete Variable. Step 2: Delete Cert from CertDB. System may breaks between step 1 & step 2, so CertDB may contains useless Cert in the next reboot. AuthVariableLib choose to sync consistent state between CertDB & Time Auth Variable on initialization. However, it doesn't apply Time Auth attribute check. Now add it. Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Chao Zhang <chao.b.zhang@intel.com> Reviewed-by: Fu Siyuan <siyuan.fu@intel.com> Reviewed-by: Zeng Star <star.zeng@intel.com>
This commit is contained in:
parent
d35ec1e050
commit
fd4d9c6495
|
@ -2100,7 +2100,7 @@ CleanCertsFromDb (
|
||||||
&AuthVariableInfo
|
&AuthVariableInfo
|
||||||
);
|
);
|
||||||
|
|
||||||
if (EFI_ERROR(Status)) {
|
if (EFI_ERROR(Status) || (AuthVariableInfo.Attributes & EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS) == 0) {
|
||||||
Status = DeleteCertsFromDb(
|
Status = DeleteCertsFromDb(
|
||||||
VariableName,
|
VariableName,
|
||||||
&AuthVarGuid,
|
&AuthVarGuid,
|
||||||
|
|
Loading…
Reference in New Issue