Those bugs and recommendations were sent out months ago. Several platforms have staged the changes already.

You need to add the library class to your DSC.

--
[ Insert obscure pop-culture reference here. ]

> On Nov 19, 2020, at 4:46 AM, Ard Biesheuvel <ard.biesheuvel@arm.com> wrote:
>
> On 11/9/20 7:45 AM, Bret Barkelew wrote:
>> The 14 patches in this series add the VariablePolicy feature to the core,
>> deprecate Edk2VarLock (while adding a compatibility layer to reduce code
>> churn), and integrate the VariablePolicy libraries and protocols into
>> Variable Services.
>> Since the integration requires multiple changes, including adding libraries,
>> a protocol, an SMI communication handler, and VariableServices integration,
>> the patches are broken up by individual library additions and then a final
>> integration. Security-sensitive changes like bypassing Authenticated
>> Variable enforcement are also broken out into individual patches so that
>> attention can be called directly to them.
>> Platform porting instructions are described in this wiki entry:
>> https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Ftianocore%2Ftianocore.github.io%2Fwiki%2FVariablePolicy-Protocol---Enhanced-Method-for-Managing-Variables%23platform-porting&amp;data=04%7C01%7Cawarkentin%40vmware.com%7C594f15b45aaf476bff7e08d88cb57390%7Cb39138ca3cee4b4aa4d6cd83d9dd62f0%7C0%7C0%7C637414058247128819%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&amp;sdata=LLKZ7qeffR0WCvLbYuHtQIuwJGhXY0mVqB2w9B0q180%3D&amp;reserved=0
>> Discussion of the feature can be found in multiple places throughout
>> the last year on the RFC channel, staging branches, and in devel.
>> Most recently, this subject was discussed in this thread:
>> https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fedk2.groups.io%2Fg%2Fdevel%2Fmessage%2F53712&amp;data=04%7C01%7Cawarkentin%40vmware.com%7C594f15b45aaf476bff7e08d88cb57390%7Cb39138ca3cee4b4aa4d6cd83d9dd62f0%7C0%7C0%7C637414058247133820%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&amp;sdata=GYY52rlsPxw07vfdu%2BVbWhzRjtHWXlIGveCTT17mlfc%3D&amp;reserved=0
>> (the code branches shared in that discussion are now out of date, but the
>> whitepapers and discussion are relevant).
>> Cc: Jiewen Yao <jiewen.yao@intel.com>
>> Cc: Dandan Bi <dandan.bi@intel.com>
>> Cc: Chao Zhang <chao.b.zhang@intel.com>
>> Cc: Jian J Wang <jian.j.wang@intel.com>
>> Cc: Hao A Wu <hao.a.wu@intel.com>
>> Cc: Liming Gao <liming.gao@intel.com>
>> Cc: Jordan Justen <jordan.l.justen@intel.com>
>> Cc: Laszlo Ersek <lersek@redhat.com>
>> Cc: Ard Biesheuvel <ard.biesheuvel@arm.com>
>> Cc: Andrew Fish <afish@apple.com>
>> Cc: Ray Ni <ray.ni@intel.com>
>> Cc: Bret Barkelew <brbarkel@microsoft.com>
>> Signed-off-by: Bret Barkelew <brbarkel@microsoft.com>
>
> This series has now made it into edk2, and has subsequently broken every single platform in edk2-platforms. Is anyone intending to propose any fixes for this?
>
>
>> v9 changes:
>> * Rebase
>> * Address the event ordering issues around MorLock at EndOfDxe
>> * Drop problematic tests
>> * Address ECC issues
>> v8 changes:
>> * Rebase
>> * Small tweaks from final PRs
>> * Drank a lot
>> * Enrolled several members and a steward in CatFacts
>> v7 changes:
>> * Address comments from Dandan about security of the MM handler
>> * Add readme
>> * Fix bug around hex characters in BOOT####, etc
>> * Add additional testing for hex characters
>> * Add additional testing for authenticated variables
>> v6 changes:
>> * Fix an issue with uninitialized Status in InitVariablePolicyLib() and DeinitVariablePolicyLib()
>> * Fix GCC building in shell-based functional test
>> * Rebase on latest origin/master
>> v5 changes:
>> * Fix the CONST mismatch in VariablePolicy.h and VariablePolicySmmDxe.c
>> * Fix EFIAPI mismatches in the functional unittest
>> * Rebase on latest origin/master
>> v4 changes:
>> * Remove Optional PcdAllowVariablePolicyEnforcementDisable PCD from platforms
>> * Rebase on master
>> * Migrate to new MmCommunicate2 protocol
>> * Fix an oversight in the default return value for InitMmCommonCommBuffer
>> * Fix in VariablePolicyLib to allow ExtraInitRuntimeDxe to consume variables
>> V3 changes:
>> * Address all non-unittest issues with ECC
>> * Make additional style changes
>> * Include section name in hunk headers in "ini-style" files
>> * Remove requirement for the EdkiiPiSmmCommunicationsRegionTable driver
>>   (now allocates its own buffer)
>> * Change names from VARIABLE_POLICY_PROTOCOL and gVariablePolicyProtocolGuid
>>   to EDKII_VARIABLE_POLICY_PROTOCOL and gEdkiiVariablePolicyProtocolGuid
>> * Fix GCC warning about initializing externs
>> * Add UNI strings for new PCD
>> * Add patches for ArmVirtPkg, OvmfXen, and UefiPayloadPkg
>> * Reorder patches according to Liming's feedback about adding to platforms
>>   before changing variable driver
>> V2 changes:
>> * Fixed implementation for RuntimeDxe
>> * Add PCD to block DisableVariablePolicy
>> * Fix the DumpVariablePolicy pagination in SMM
>> Bret Barkelew (13):
>>   MdeModulePkg: Define the VariablePolicy protocol interface
>>   MdeModulePkg: Define the VariablePolicyLib
>>   MdeModulePkg: Define the VariablePolicyHelperLib
>>   MdeModulePkg: Define the VarCheckPolicyLib and SMM interface
>>   OvmfPkg: Add VariablePolicy engine to OvmfPkg platform
>>   EmulatorPkg: Add VariablePolicy engine to EmulatorPkg platform
>>   ArmVirtPkg: Add VariablePolicy engine to ArmVirtPkg platform
>>   UefiPayloadPkg: Add VariablePolicy engine to UefiPayloadPkg platform
>>   MdeModulePkg: Connect VariablePolicy business logic to
>>     VariableServices
>>   MdeModulePkg: Allow VariablePolicy state to delete protected variables
>>   SecurityPkg: Allow VariablePolicy state to delete authenticated
>>     variables
>>   MdeModulePkg: Change TCG MOR variables to use VariablePolicy
>>   MdeModulePkg: Drop VarLock from RuntimeDxe variable driver
>>  MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.c                 | 346 ++++++++
>>  MdeModulePkg/Library/VariablePolicyHelperLib/VariablePolicyHelperLib.c     | 396 ++++++++++
>>  MdeModulePkg/Library/VariablePolicyLib/VariablePolicyExtraInitNull.c       |  46 ++
>>  MdeModulePkg/Library/VariablePolicyLib/VariablePolicyExtraInitRuntimeDxe.c |  85 ++
>>  MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.c                 | 830 ++++++++++++++++++++
>>  MdeModulePkg/Universal/Variable/RuntimeDxe/TcgMorLockDxe.c                 |  52 +-
>>  MdeModulePkg/Universal/Variable/RuntimeDxe/TcgMorLockSmm.c                 |  60 +-
>>  MdeModulePkg/Universal/Variable/RuntimeDxe/VarCheck.c                      |  49 +-
>>  MdeModulePkg/Universal/Variable/RuntimeDxe/VariableDxe.c                   |  60 ++
>>  MdeModulePkg/Universal/Variable/RuntimeDxe/VariableLockRequestToLock.c     |  71 ++
>>  MdeModulePkg/Universal/Variable/RuntimeDxe/VariablePolicySmmDxe.c          | 573 ++++++++++++++
>>  MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.c                   |   7 +
>>  MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmmRuntimeDxe.c         |  14 +
>>  SecurityPkg/Library/AuthVariableLib/AuthService.c                          |  30 +-
>>  ArmVirtPkg/ArmVirt.dsc.inc                                                 |   4 +
>>  EmulatorPkg/EmulatorPkg.dsc                                                |   3 +
>>  MdeModulePkg/Include/Guid/VarCheckPolicyMmi.h                              |  54 ++
>>  MdeModulePkg/Include/Library/VariablePolicyHelperLib.h                     | 164 ++++
>>  MdeModulePkg/Include/Library/VariablePolicyLib.h                           | 207 +++++
>>  MdeModulePkg/Include/Protocol/VariablePolicy.h                             | 157 ++++
>>  MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.inf               |  42 +
>>  MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.uni               |  12 +
>>  MdeModulePkg/Library/VariablePolicyHelperLib/VariablePolicyHelperLib.inf   |  35 +
>>  MdeModulePkg/Library/VariablePolicyHelperLib/VariablePolicyHelperLib.uni   |  12 +
>>  MdeModulePkg/Library/VariablePolicyLib/ReadMe.md                           | 406 ++++++++++
>>  MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.inf               |  48 ++
>>  MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.uni               |  12 +
>>  MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLibRuntimeDxe.inf     |  51 ++
>>  MdeModulePkg/MdeModulePkg.ci.yaml                                          |   4 +-
>>  MdeModulePkg/MdeModulePkg.dec                                              |  26 +-
>>  MdeModulePkg/MdeModulePkg.dsc                                              |   9 +
>>  MdeModulePkg/MdeModulePkg.uni                                              |   7 +
>>  MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf          |   5 +
>>  MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.inf                 |   4 +
>>  MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmmRuntimeDxe.inf       |  11 +
>>  MdeModulePkg/Universal/Variable/RuntimeDxe/VariableStandaloneMm.inf        |   4 +
>>  OvmfPkg/OvmfPkgIa32.dsc                                                    |   5 +
>>  OvmfPkg/OvmfPkgIa32X64.dsc                                                 |   5 +
>>  OvmfPkg/OvmfPkgX64.dsc                                                     |   5 +
>>  OvmfPkg/OvmfXen.dsc                                                        |   4 +
>>  SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf                    |   2 +
>>  UefiPayloadPkg/UefiPayloadPkgIa32.dsc                                      |   4 +
>>  UefiPayloadPkg/UefiPayloadPkgIa32X64.dsc                                   |   4 +
>>  43 files changed, 3845 insertions(+), 80 deletions(-)
>>  create mode 100644 MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.c
>>  create mode 100644 MdeModulePkg/Library/VariablePolicyHelperLib/VariablePolicyHelperLib.c
>>  create mode 100644 MdeModulePkg/Library/VariablePolicyLib/VariablePolicyExtraInitNull.c
>>  create mode 100644 MdeModulePkg/Library/VariablePolicyLib/VariablePolicyExtraInitRuntimeDxe.c
>>  create mode 100644 MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.c
>>  create mode 100644 MdeModulePkg/Universal/Variable/RuntimeDxe/VariableLockRequestToLock.c
>>  create mode 100644 MdeModulePkg/Universal/Variable/RuntimeDxe/VariablePolicySmmDxe.c
>>  create mode 100644 MdeModulePkg/Include/Guid/VarCheckPolicyMmi.h
>>  create mode 100644 MdeModulePkg/Include/Library/VariablePolicyHelperLib.h
>>  create mode 100644 MdeModulePkg/Include/Library/VariablePolicyLib.h
>>  create mode 100644 MdeModulePkg/Include/Protocol/VariablePolicy.h
>>  create mode 100644 MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.inf
>>  create mode 100644 MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.uni
>>  create mode 100644 MdeModulePkg/Library/VariablePolicyHelperLib/VariablePolicyHelperLib.inf
>>  create mode 100644 MdeModulePkg/Library/VariablePolicyHelperLib/VariablePolicyHelperLib.uni
>>  create mode 100644 MdeModulePkg/Library/VariablePolicyLib/ReadMe.md
>>  create mode 100644 MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.inf
>>  create mode 100644 MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.uni
>>  create mode 100644 MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLibRuntimeDxe.inf
>