SecurityPkg: Allow VariablePolicy state to delete authenticated variables

https://bugzilla.tianocore.org/show_bug.cgi?id=2522

Causes AuthService to check
IsVariablePolicyEnabled() before enforcing
write protections to allow variable deletion
when policy engine is disabled.

Only allows deletion, not modification.

Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian J Wang <jian.j.wang@intel.com>
Cc: Chao Zhang <chao.b.zhang@intel.com>
Cc: Bret Barkelew <brbarkel@microsoft.com>
Signed-off-by: Bret Barkelew <brbarkel@microsoft.com>
Reviewed-by: Dandan Bi <dandan.bi@intel.com>
Acked-by: Jian J Wang <jian.j.wang@intel.com>
This commit is contained in:
Bret Barkelew
2020-11-09 14:45:20 +08:00
committed by mergify[bot]
parent e176bafc9d
commit 28f4616fde
2 changed files with 26 additions and 6 deletions

View File

@@ -3,6 +3,7 @@
#
# Copyright (c) 2015 - 2016, Intel Corporation. All rights reserved.<BR>
# Copyright (c) 2018, ARM Limited. All rights reserved.<BR>
# Copyright (c) Microsoft Corporation.
#
# SPDX-License-Identifier: BSD-2-Clause-Patent
#
@@ -41,6 +42,7 @@
MemoryAllocationLib
BaseCryptLib
PlatformSecureLib
VariablePolicyLib
[Guids]
## CONSUMES ## Variable:L"SetupMode"