to verify the signature.\r
\r
Copyright (c) 2009 - 2019, Intel Corporation. All rights reserved.<BR>\r
+Copyright (c) Microsoft Corporation.\r
SPDX-License-Identifier: BSD-2-Clause-Patent\r
\r
**/\r
\r
#include "AuthServiceInternal.h"\r
\r
+#include <Protocol/VariablePolicy.h>\r
+#include <Library/VariablePolicyLib.h>\r
+\r
//\r
// Public Exponent of RSA Key.\r
//\r
IN EFI_GUID *VendorGuid\r
)\r
{\r
- if ((CompareGuid (VendorGuid, &gEfiSecureBootEnableDisableGuid) && (StrCmp (VariableName, EFI_SECURE_BOOT_ENABLE_NAME) == 0))\r
- || (CompareGuid (VendorGuid, &gEfiCustomModeEnableGuid) && (StrCmp (VariableName, EFI_CUSTOM_MODE_NAME) == 0))) {\r
- return TRUE;\r
+ // If the VariablePolicy engine is disabled, allow deletion of any authenticated variables.\r
+ if (IsVariablePolicyEnabled()) {\r
+ if ((CompareGuid (VendorGuid, &gEfiSecureBootEnableDisableGuid) && (StrCmp (VariableName, EFI_SECURE_BOOT_ENABLE_NAME) == 0))\r
+ || (CompareGuid (VendorGuid, &gEfiCustomModeEnableGuid) && (StrCmp (VariableName, EFI_CUSTOM_MODE_NAME) == 0))) {\r
+ return TRUE;\r
+ }\r
}\r
\r
return FALSE;\r
&OrgVariableInfo\r
);\r
\r
- if ((!EFI_ERROR (Status)) && IsDeleteAuthVariable (OrgVariableInfo.Attributes, Data, DataSize, Attributes) && UserPhysicalPresent()) {\r
+ // If the VariablePolicy engine is disabled, allow deletion of any authenticated variables.\r
+ if ((!EFI_ERROR (Status)) && IsDeleteAuthVariable (OrgVariableInfo.Attributes, Data, DataSize, Attributes) && (UserPhysicalPresent() || !IsVariablePolicyEnabled())) {\r
//\r
// Allow the delete operation of common authenticated variable(AT or AW) at user physical presence.\r
//\r
PayloadPtr = SigData + SigDataSize;\r
PayloadSize = DataSize - OFFSET_OF_AUTHINFO2_CERT_DATA - (UINTN) SigDataSize;\r
\r
+ // If the VariablePolicy engine is disabled, allow deletion of any authenticated variables.\r
+ if (PayloadSize == 0 && (Attributes & EFI_VARIABLE_APPEND_WRITE) == 0 && !IsVariablePolicyEnabled()) {\r
+ VerifyStatus = TRUE;\r
+ goto Exit;\r
+ }\r
+\r
//\r
// Construct a serialization buffer of the values of the VariableName, VendorGuid and Attributes\r
// parameters of the SetVariable() call and the TimeStamp component of the\r
Exit:\r
\r
if (AuthVarType == AuthVarTypePk || AuthVarType == AuthVarTypePriv) {\r
- Pkcs7FreeSigners (TopLevelCert);\r
- Pkcs7FreeSigners (SignerCerts);\r
+ if (TopLevelCert != NULL) {\r
+ Pkcs7FreeSigners (TopLevelCert);\r
+ }\r
+ if (SignerCerts != NULL) {\r
+ Pkcs7FreeSigners (SignerCerts);\r
+ }\r
}\r
\r
if (!VerifyStatus) {\r