SecurityPkg/AuthSeriableLib: Always delete variable in certdb
[mirror_edk2.git] / SecurityPkg / Library / AuthVariableLib / AuthService.c
index 7493a2ed9cf8c44099bad3f7c0f2fa5d91b9ee55..486df55bed64f453805eebbce9e469761da44824 100644 (file)
@@ -18,7 +18,7 @@
   They will do basic validation for authentication data structure, then call crypto library\r
   to verify the signature.\r
 \r
-Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR>\r
+Copyright (c) 2009 - 2019, Intel Corporation. All rights reserved.<BR>\r
 SPDX-License-Identifier: BSD-2-Clause-Patent\r
 \r
 **/\r
@@ -1735,10 +1735,13 @@ CleanCertsFromDb (
                                        );\r
 \r
       if (EFI_ERROR(Status) || (AuthVariableInfo.Attributes & EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS) == 0) {\r
+        //\r
+        // While cleaning certdb, always delete the variable in certdb regardless of it attributes.\r
+        //\r
         Status      = DeleteCertsFromDb(\r
                         VariableName,\r
                         &AuthVarGuid,\r
-                        AuthVariableInfo.Attributes\r
+                        AuthVariableInfo.Attributes | EFI_VARIABLE_NON_VOLATILE\r
                         );\r
         CertCleaned = TRUE;\r
         DEBUG((EFI_D_INFO, "Recovery!! Cert for Auth Variable %s Guid %g is removed for consistency\n", VariableName, &AuthVarGuid));\r
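Review bot: The Status returned by DeleteCertsFromDb() is not examined anywhere in this hunk before `CertCleaned = TRUE` is set and the "is removed for consistency" message is logged, so a failed delete would be reported as a successful cleanup while a certificate entry with no matching time-based authenticated variable stays in certdb. Consider gating both on success, for example `if (!EFI_ERROR (Status)) { CertCleaned = TRUE; }`, and logging the failing Status otherwise. The added comment should also state why EFI_VARIABLE_NON_VOLATILE is OR'ed in (on the EFI_ERROR branch the attributes presumably come from a lookup that did not succeed), and "it attributes" should read "its attributes". CleanCertsFromDb starts before and continues after this hunk, so Status may still be checked further down.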