From 3a186b06f1f1bdc9b4508b5479e0530e629dd68c Mon Sep 17 00:00:00 2001
From: Fu Siyuan <siyuan.fu@intel.com>
Date: Thu, 12 Sep 2013 05:31:26 +0000
Subject: [PATCH] Return EFI_WRITE_PROTECTED when setting KEKDefault,
 PKDefault, dbDefault, dbxDefault and dbtDefault variable. Signed-off-by: Fu
 Siyuan <siyuan.fu@intel.com> Reviewed-by: Ye Ting <ting.ye@intel.com>
 Reviewed-by: Dong Guo <guo.dong@intel.com>

git-svn-id: https://svn.code.sf.net/p/edk2/code/trunk/edk2@14662 6f19259b-4bc3-4df7-8a09-765794883524
---
 SecurityPkg/VariableAuthenticated/RuntimeDxe/Variable.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/SecurityPkg/VariableAuthenticated/RuntimeDxe/Variable.c b/SecurityPkg/VariableAuthenticated/RuntimeDxe/Variable.c
index 5ff48cff2f..c99cd2310e 100644
--- a/SecurityPkg/VariableAuthenticated/RuntimeDxe/Variable.c
+++ b/SecurityPkg/VariableAuthenticated/RuntimeDxe/Variable.c
@@ -2501,7 +2501,12 @@ IsReadOnlyVariable (
     if ((StrCmp (VariableName, EFI_SETUP_MODE_NAME) == 0) ||
         (StrCmp (VariableName, EFI_SIGNATURE_SUPPORT_NAME) == 0) ||
         (StrCmp (VariableName, EFI_SECURE_BOOT_MODE_NAME) == 0) ||
-        (StrCmp (VariableName, EFI_VENDOR_KEYS_VARIABLE_NAME) == 0)) {
+        (StrCmp (VariableName, EFI_VENDOR_KEYS_VARIABLE_NAME) == 0) ||
+        (StrCmp (VariableName, EFI_KEK_DEFAULT_VARIABLE_NAME) == 0) ||
+        (StrCmp (VariableName, EFI_PK_DEFAULT_VARIABLE_NAME) == 0) ||
+        (StrCmp (VariableName, EFI_DB_DEFAULT_VARIABLE_NAME) == 0) ||
+        (StrCmp (VariableName, EFI_DBX_DEFAULT_VARIABLE_NAME) == 0) ||
+        (StrCmp (VariableName, EFI_DBT_DEFAULT_VARIABLE_NAME) == 0)) {
       return TRUE;
     }
   }
-- 
2.39.2