SecurityPkg/AuthSeriableLib: Always delete variable in certdb

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=1783

While cleaning the certdb, always delete the variable data in
the certdb regardless of its attribute.

Cc: Chao Zhang <chao.b.zhang@intel.com>
Cc: Jiewen Yao <jiewen.yao@intel.com>
Cc: Jian Wang <jian.j.wang@intel.com>
Cc: Star Zeng <star.zeng@intel.com>
Cc: Liming Gao <liming.gao@intel.com>
Signed-off-by: Zhichao Gao <zhichao.gao@intel.com>
Reviewed-by: Chao Zhang <chao.b.zhang@intel.com>
Zhichao Gao
2019-05-13 10:48:27 +08:00
committed by Jian J Wang
parent 4000f249ba
commit e90ea9470a


@ -18,7 +18,7 @@
They will do basic validation for authentication data structure, then call crypto library They will do basic validation for authentication data structure, then call crypto library
to verify the signature. to verify the signature.
Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR> Copyright (c) 2009 - 2019, Intel Corporation. All rights reserved.<BR>
SPDX-License-Identifier: BSD-2-Clause-Patent SPDX-License-Identifier: BSD-2-Clause-Patent
**/ **/
@ -1735,10 +1735,13 @@ CleanCertsFromDb (
); );
if (EFI_ERROR(Status) || (AuthVariableInfo.Attributes & EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS) == 0) { if (EFI_ERROR(Status) || (AuthVariableInfo.Attributes & EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS) == 0) {
//
// While cleaning certdb, always delete the variable in certdb regardless of it attributes.
//
Status = DeleteCertsFromDb( Status = DeleteCertsFromDb(
VariableName, VariableName,
&AuthVarGuid, &AuthVarGuid,
AuthVariableInfo.Attributes AuthVariableInfo.Attributes | EFI_VARIABLE_NON_VOLATILE
); );
CertCleaned = TRUE; CertCleaned = TRUE;
DEBUG((EFI_D_INFO, "Recovery!! Cert for Auth Variable %s Guid %g is removed for consistency\n", VariableName, &AuthVarGuid)); DEBUG((EFI_D_INFO, "Recovery!! Cert for Auth Variable %s Guid %g is removed for consistency\n", VariableName, &AuthVarGuid));
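Review bot: The new comment above the DeleteCertsFromDb call does not say why EFI_VARIABLE_NON_VOLATILE in particular is OR'ed into the third argument. This branch is also taken when EFI_ERROR(Status) is true, in which case AuthVariableInfo.Attributes may not describe a real variable, so the comment should state what forcing the non-volatile bit achieves on that path. The comment also reads "regardless of it attributes" and should say "its attributes". In the context lines that follow, Status from DeleteCertsFromDb is assigned, but CertCleaned = TRUE and the "is removed for consistency" DEBUG message come next without a check of it in the lines shown; consider testing Status before reporting the removal.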