Your primary concern is my primary concern.&nbsp; I can think of two scenarios where a runtime memory varstore would hurt.<br /><br />The less severe one is that any variables measured into a TPM could appear to be modified when read back so that if/when some entity wants to verify or unseal something, they would be unable to match the TPM's PCR values and unable to verify/unseal.&nbsp; This turns access to runtime EFI memory into a denial of service for TPM-based post-boot software.<br /><br />The more worrying possibility is if somebody decides to use a read-modify-write pattern for some variable they have an interest in and thus end up defeating the security of the variable write method.&nbsp; Today a read-modify-write is safe, but after this change it would not be.