2 steps are used to create/delete a time based variable.
For create
Step 1: Insert Signer Cert to CertDB.
Step 2: Insert Payload to Variable.
For delete
Step 1: Delete Variable.
Step 2: Delete Cert from CertDB.
System may break between step 1 & step 2, so CertDB may contain a useless
Cert in the next reboot. AuthVariableLib chooses to sync consistent state
between CertDB & Time Auth Variable on initialization. However, it doesn't
apply Time Auth attribute check. Now add it.
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Chao Zhang <chao.b.zhang@intel.com>
Reviewed-by: Fu Siyuan <siyuan.fu@intel.com>
Reviewed-by: Zeng Star <star.zeng@intel.com>
&AuthVariableInfo\r
);\r
\r
- if (EFI_ERROR(Status)) {\r
+ if (EFI_ERROR(Status) || (AuthVariableInfo.Attributes & EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS) == 0) {\r
Status = DeleteCertsFromDb(\r
VariableName,\r
&AuthVarGuid,\r
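Review bot: The added operand on the `+` line has no comment explaining why a variable that was found but lacks EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS should have its cert removed via DeleteCertsFromDb; a one-line comment above the `if` stating that such a variable does not own a CertDB entry would make the intent clear. The check is safe only because `||` short-circuits, so AuthVariableInfo.Attributes is read only when the preceding call that fills AuthVariableInfo succeeded; keep the operands in this order. The line is long enough to be worth splitting with one operand per line. Also note that EFI_ERROR(Status) is true for any failure of that call, so the cert is deleted on errors other than the variable being absent; it is worth confirming that this is intended.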