SecurityPkg Variable: Allow the delete operation of common auth variable at user physical presence.

Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Star Zeng <star.zeng@intel.com>
Reviewed-by: Jiewen Yao <jiewen.yao@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@17042 6f19259b-4bc3-4df7-8a09-765794883524

SecurityPkg/VariableAuthenticated/RuntimeDxe/VarCheck.c

@@ -13,6 +13,7 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
 **/
 
 #include "Variable.h"
+#include "AuthService.h"
 #include <Library/DevicePathLib.h>
 
 extern LIST_ENTRY mLockedVariableList;
@@ -668,7 +669,7 @@ VARIABLE_DRIVER_VARIABLE_ENTRY mVariableDriverVariableList[] = {
     EFI_VENDOR_KEYS_NV_VARIABLE_NAME,
     {
       VAR_CHECK_VARIABLE_PROPERTY_REVISION,
-      0,
+      VAR_CHECK_VARIABLE_PROPERTY_READ_ONLY,
       VARIABLE_ATTRIBUTE_NV_BS_RT_AT,
       sizeof (UINT8),
       sizeof (UINT8)
@@ -676,10 +677,10 @@ VARIABLE_DRIVER_VARIABLE_ENTRY mVariableDriverVariableList[] = {
   },
   {
     &gEfiAuthenticatedVariableGuid,
-    L"AuthVarKeyDatabase",
+    AUTHVAR_KEYDB_NAME,
     {
       VAR_CHECK_VARIABLE_PROPERTY_REVISION,
-      0,
+      VAR_CHECK_VARIABLE_PROPERTY_READ_ONLY,
       VARIABLE_ATTRIBUTE_NV_BS_RT_AW,
       sizeof (UINT8),
       MAX_UINTN
@@ -687,10 +688,10 @@ VARIABLE_DRIVER_VARIABLE_ENTRY mVariableDriverVariableList[] = {
   },
   {
     &gEfiCertDbGuid,
-    L"certdb",
+    EFI_CERT_DB_NAME,
     {
       VAR_CHECK_VARIABLE_PROPERTY_REVISION,
-      0,
+      VAR_CHECK_VARIABLE_PROPERTY_READ_ONLY,
       VARIABLE_ATTRIBUTE_NV_BS_RT_AT,
       sizeof (UINT32),
       MAX_UINTN