+ ASSERT (EFI_ERROR (Status));\r
+ if (Status != EFI_BUFFER_TOO_SMALL) {\r
+ return VerifyStatus;\r
+ }\r
+\r
+ Data = (UINT8 *) AllocateZeroPool (DataSize);\r
+ if (Data == NULL) {\r
+ return VerifyStatus;\r
+ }\r
+\r
+ Status = gRT->GetVariable (EFI_IMAGE_SECURITY_DATABASE, &gEfiImageSecurityDatabaseGuid, NULL, &DataSize, (VOID *) Data);\r
+ if (EFI_ERROR (Status)) {\r
+ goto Done;\r
+ }\r
+\r
+ //\r
+ // Fetch 'dbx' content. If 'dbx' doesn't exist, continue to check 'db'.\r
+ // If any other errors occured, no need to check 'db' but just return\r
+ // not-allowed-by-db (FALSE) to avoid bypass.\r
+ //\r
+ DbxDataSize = 0;\r
+ Status = gRT->GetVariable (EFI_IMAGE_SECURITY_DATABASE1, &gEfiImageSecurityDatabaseGuid, NULL, &DbxDataSize, NULL);\r
+ ASSERT (EFI_ERROR (Status));\r
+ if (Status != EFI_BUFFER_TOO_SMALL) {\r
+ if (Status != EFI_NOT_FOUND) {\r
+ goto Done;\r
+ }\r
+ //\r
+ // 'dbx' does not exist. Continue to check 'db'.\r
+ //\r
+ } else {\r
+ //\r
+ // 'dbx' exists. Get its content.\r
+ //\r
+ DbxData = (UINT8 *) AllocateZeroPool (DbxDataSize);\r
+ if (DbxData == NULL) {\r
+ goto Done;\r