MdeModulePkg: Allow VariablePolicy state to delete protected variables

[mirror_edk2.git] / MdeModulePkg / Universal / Variable / RuntimeDxe / TcgMorLockSmm.c

diff --git a/MdeModulePkg/Universal/Variable/RuntimeDxe/TcgMorLockSmm.c b/MdeModulePkg/Universal/Variable/RuntimeDxe/TcgMorLockSmm.c
index 6d80eb64341a487561bad771cdef809b272fd72b..085f82035f4b90fa0edefeee6753049c82eac250 100644 (file)
--- a/MdeModulePkg/Universal/Variable/RuntimeDxe/TcgMorLockSmm.c
+++ b/MdeModulePkg/Universal/Variable/RuntimeDxe/TcgMorLockSmm.c
@@ -5,6 +5,7 @@
   This module adds Variable Hook and check MemoryOverwriteRequestControlLock.\r
 \r
 Copyright (c) 2016 - 2018, Intel Corporation. All rights reserved.<BR>\r
+Copyright (c) Microsoft Corporation.\r
 SPDX-License-Identifier: BSD-2-Clause-Patent\r
 \r
 **/\r
@@ -17,6 +18,10 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
 #include <Library/BaseMemoryLib.h>\r
 #include "Variable.h"\r
 \r
+#include <Protocol/VariablePolicy.h>\r
+\r
+#include <Library/VariablePolicyLib.h>\r
+\r
 typedef struct {\r
   CHAR16                                 *VariableName;\r
   EFI_GUID                               *VendorGuid;\r
@@ -341,6 +346,11 @@ SetVariableCheckHandlerMor (
     return EFI_SUCCESS;\r
   }\r
 \r
+  // Permit deletion when policy is disabled.\r
+  if (!IsVariablePolicyEnabled() && ((Attributes == 0) || (DataSize == 0))) {\r
+    return EFI_SUCCESS;\r
+  }\r
+\r
   //\r
   // MorLock variable\r
   //\r