From b90c335fbbb674470fbf09601cc522bf61564c30 Mon Sep 17 00:00:00 2001
From: Laszlo Ersek
Date: Thu, 22 Mar 2018 16:50:55 +0100
Subject: [PATCH] NetworkPkg/TlsAuthConfigDxe: preserve TlsCaCertificate variable attributes

If the platform creates the "TlsCaCertificate" variable as volatile, then EnrollX509toVariable() shouldn't fail to extend it just because TLS_AUTH_CONFIG_VAR_BASE_ATTR contains the EFI_VARIABLE_NON_VOLATILE attribute. Thus, if the variable exists, add the EFI_VARIABLE_APPEND_WRITE attribute to the variable's current attributes. This is what DeleteCert() does already.

Cc: Jiaxin Wu
Cc: Siyuan Fu
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Laszlo Ersek
Reviewed-by: Fu Siyuan
Reviewed-by: Jiaxin Wu
---
 NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigImpl.c | 15 ++++++++-------
 1 file changed, 8 insertions(+), 7 deletions(-)

diff --git a/NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigImpl.c b/NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigImpl.c
index faefc72d0e..cbdd5f0664 100644
--- a/NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigImpl.c
+++ b/NetworkPkg/TlsAuthConfigDxe/TlsAuthConfigImpl.c
@@ -813,6 +813,7 @@ EnrollX509toVariable (
 CACert = NULL;
 CACertData = NULL;
 Data = NULL;
+ Attr = 0;
 Status = ReadFileContent (
 Private->FileContext->FHandle,
@@ -847,22 +848,22 @@ EnrollX509toVariable (
 CopyMem ((UINT8* ) (CACertData->SignatureData), X509Data, X509DataSize);
 //
- // Check if signature database entry has been already existed.
- // If true, use EFI_VARIABLE_APPEND_WRITE attribute to append the
- // new signature data to original variable
+ // Check if the signature database entry already exists. If it does, use the
+ // EFI_VARIABLE_APPEND_WRITE attribute to append the new signature data to
+ // the original variable, plus preserve the original variable attributes.
 //
- Attr = TLS_AUTH_CONFIG_VAR_BASE_ATTR;
-
 Status = gRT->GetVariable(
 VariableName,
 &gEfiTlsCaCertificateGuid,
- NULL,
+ &Attr,
 &DataSize,
 NULL
 );
 if (Status == EFI_BUFFER_TOO_SMALL) {
 Attr |= EFI_VARIABLE_APPEND_WRITE;
- } else if (Status != EFI_NOT_FOUND) {
+ } else if (Status == EFI_NOT_FOUND) {
+ Attr = TLS_AUTH_CONFIG_VAR_BASE_ATTR;
+ } else {
 goto ON_EXIT;
 }
--
2.39.2
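Review bot: In the `EFI_BUFFER_TOO_SMALL` branch the attributes read back from `gRT->GetVariable()` are reused without any validation, so the CA certificate is appended under whatever attribute set the existing "TlsCaCertificate" variable already has. Because this variable holds the TLS trust anchors, the comment block should say which attribute differences the driver is prepared to accept, for example `// Attr is taken from the existing variable; the platform may have created it volatile, so TLS_AUTH_CONFIG_VAR_BASE_ATTR is not enforced here.`, or the branch should reject unexpected bits before `Attr |= EFI_VARIABLE_APPEND_WRITE;`. The branch also depends on GetVariable() writing `Attr` when it returns EFI_BUFFER_TOO_SMALL with a NULL data buffer. The `Attr = 0` added in the first hunk only keeps the value defined if an implementation leaves it untouched, and that assumption deserves a line in the comment too. The write that consumes `Attr` and the initialisation of `DataSize` lie outside this hunk, so their behaviour is inferred from the commit message rather than seen.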