X-Git-Url: https://git.proxmox.com/?p=mirror_edk2.git;a=blobdiff_plain;f=SecurityPkg%2FLibrary%2FAuthVariableLib%2FAuthService.c;h=b013d420f62e29097e418143e19b85d866b3af76;hp=1d49b6a16e49b2b93814fef3fea179c2444c2629;hb=fd4d9c6495109979eb17779e07666c7c11c79c6a;hpb=90fa53213ec458b5c4f8851c09aeb3de977531e5
diff --git a/SecurityPkg/Library/AuthVariableLib/AuthService.c b/SecurityPkg/Library/AuthVariableLib/AuthService.c
index 1d49b6a16e..b013d420f6 100644
--- a/SecurityPkg/Library/AuthVariableLib/AuthService.c
+++ b/SecurityPkg/Library/AuthVariableLib/AuthService.c
@@ -931,7 +931,7 @@ ProcessVarWithPk (
 // Init state of Del. State may change due to secure check
 //
 Del = FALSE;
- if ((InCustomMode() && mUserPhysicalPresent) || (mPlatformMode == SETUP_MODE && !IsPk)) {
+ if ((InCustomMode() && UserPhysicalPresent()) || (mPlatformMode == SETUP_MODE && !IsPk)) {
 Payload = (UINT8 *) Data + AUTHINFO2_SIZE (Data);
 PayloadSize = DataSize - AUTHINFO2_SIZE (Data);
 if (PayloadSize == 0) {
@@ -1049,7 +1049,7 @@ ProcessVarWithKek (
 }
 Status = EFI_SUCCESS;
- if (mPlatformMode == USER_MODE && !(InCustomMode() && mUserPhysicalPresent)) {
+ if (mPlatformMode == USER_MODE && !(InCustomMode() && UserPhysicalPresent())) {
 //
 // Time-based, verify against X509 Cert KEK.
 //
@@ -1204,7 +1204,7 @@ ProcessVariable (
 &OrgVariableInfo
 );
- if ((!EFI_ERROR (Status)) && IsDeleteAuthVariable (OrgVariableInfo.Attributes, Data, DataSize, Attributes) && mUserPhysicalPresent) {
+ if ((!EFI_ERROR (Status)) && IsDeleteAuthVariable (OrgVariableInfo.Attributes, Data, DataSize, Attributes) && UserPhysicalPresent()) {
 //
 // Allow the delete operation of common authenticated variable at user physical presence.
 //
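Review bot: Physical presence is now queried live through `UserPhysicalPresent()` at each of these gates (here in `ProcessVarWithPk`, and in the `ProcessVarWithKek` and both `ProcessVariable` hunks), so one SetVariable request can ask more than once and nothing visible guarantees the answers agree; the two `ProcessVariable` checks can both run in one call when the delete test at the first one fails on presence. Because a TRUE result skips the X509 KEK verification in `ProcessVarWithKek` and appears to select the direct-payload branch here, the decision is better taken from a single sample per request, for example `BOOLEAN Present = UserPhysicalPresent ();` read once in `ProcessVariable` and reused at both of its checks. If querying every time is intended, record that above the first use with a comment like `// Queried per request rather than cached; the implementation must be callable whenever SetVariable is.` All four enclosing functions start and end outside their hunks.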
@@ -1222,7 +1222,7 @@ ProcessVariable (
 return Status;
 }
- if (NeedPhysicallyPresent (VariableName, VendorGuid) && !mUserPhysicalPresent) {
+ if (NeedPhysicallyPresent (VariableName, VendorGuid) && !UserPhysicalPresent()) {
 //
 // This variable is protected, only physical present user could modify its value.
 //
@@ -2100,7 +2100,7 @@ CleanCertsFromDb (
 &AuthVariableInfo
 );
- if (EFI_ERROR(Status)) {
+ if (EFI_ERROR(Status) || (AuthVariableInfo.Attributes & EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS) == 0) {
 Status = DeleteCertsFromDb(
 VariableName,
 &AuthVarGuid,
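Review bot: The clause added to the `if` in `CleanCertsFromDb` has no comment, and it is not obvious why a variable that was found successfully should still have its certdb entry deleted. A line above the condition such as `// The entry is stale if the variable is gone or is no longer time-based authenticated.` would record the intent. It is also worth noting there that the `||` order is deliberate: `AuthVariableInfo.Attributes` is only read when the lookup succeeded, which a later reordering of the condition would silently break. The function body starts and ends outside the hunk.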