SecurityPkg Variable: Update code in ProcessVariable () to
[mirror_edk2.git] / SecurityPkg / VariableAuthenticated / RuntimeDxe / AuthService.c
index 7f9d5311004233d01d7be9c01e088865da89cf26..9b8f63f089322fbc80c28d75826e2a2eb037dde0 100644 (file)
@@ -1359,36 +1359,34 @@ ProcessVariable (
   IsDeletion  = FALSE;\r
   Status      = EFI_SUCCESS;\r
 \r
-  if (UserPhysicalPresent()) {\r
+  if (IsDeleteAuthVariable (Data, DataSize, Variable, Attributes) && UserPhysicalPresent()) {\r
     //\r
     // Allow the delete operation of common authenticated variable at user physical presence.\r
     //\r
-    if (IsDeleteAuthVariable (Data, DataSize, Variable, Attributes)) {\r
-      if ((Attributes & EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS) != 0) {\r
-        Status = DeleteCertsFromDb (VariableName, VendorGuid);\r
-      }\r
-      if (!EFI_ERROR (Status)) {\r
-        Status = UpdateVariable (\r
-                   VariableName,\r
-                   VendorGuid,\r
-                   NULL,\r
-                   0,\r
-                   0,\r
-                   0,\r
-                   0,\r
-                   Variable,\r
-                   NULL\r
-                   );\r
-      }\r
-      return Status;\r
+    if ((Attributes & EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS) != 0) {\r
+      Status = DeleteCertsFromDb (VariableName, VendorGuid);\r
     }\r
-  } else {\r
-    if (NeedPhysicallyPresent(VariableName, VendorGuid)) {\r
-      //\r
-      // This variable is protected, only physical present user could modify its value.\r
-      //\r
-      return EFI_SECURITY_VIOLATION;\r
+    if (!EFI_ERROR (Status)) {\r
+      Status = UpdateVariable (\r
+                 VariableName,\r
+                 VendorGuid,\r
+                 NULL,\r
+                 0,\r
+                 0,\r
+                 0,\r
+                 0,\r
+                 Variable,\r
+                 NULL\r
+                 );\r
     }\r
+    return Status;\r
+  }\r
+\r
+  if (NeedPhysicallyPresent (VariableName, VendorGuid) && !UserPhysicalPresent()) {\r
+    //\r
+    // This variable is protected, only physical present user could modify its value.\r
+    //\r
+    return EFI_SECURITY_VIOLATION;\r
   }\r
 \r
   //\r
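Review bot: In the physical-presence delete path, `DeleteCertsFromDb` runs before `UpdateVariable`, so a failing `UpdateVariable` returns an error with the time-based variable still in place but its certificate record already removed. How later authenticated writes to that variable are checked without the record is not visible in this hunk, but the two stores should not be left disagreeing on a path that decides who may modify the variable. Consider deleting the variable first and guarding the certificate removal with `if (!EFI_ERROR (Status) && (Attributes & EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS) != 0)`. Since this branch returns before whatever verification follows further down, the comment above it could also say that the deletion is gated only by `UserPhysicalPresent()`. ProcessVariable's body starts and ends outside the hunk.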