Liming,
I plan on fixing those modules as well.  I created a new Bugzilla here: 3449 – VariablePolicy needs to replace VariableLock. (tianocore.org).

On Wed, Jun 9, 2021 at 5:53 PM gaoliming <gaoliming@byosoft.com.cn> wrote:
Ken:
  I add my comment below. Besides, some modules in MdeModulePkg still
consumes VariableLock, such as UefiBootManagerLib, PcdDxe. Have you plan to
fix them also?

> -----邮件原件-----
> 发件人: kenlautner3@gmail.com <kenlautner3@gmail.com>
> 发送时间: 2021年6月10日 7:39
> 收件人: devel@edk2.groups.io
> 抄送: Jian J Wang <jian.j.wang@intel.com>; Hao A Wu
> <hao.a.wu@intel.com>; Zhichao Gao <zhichao.gao@intel.com>; Ray Ni
> <ray.ni@intel.com>; Liming Gao <gaoliming@byosoft.com.cn>
> 主题: [PATCH v1 1/1] MdeModulePkg/BdsDxe: Update BdsEntry to use
> Variable Policy
>
> From: Ken Lautner <klautner@microsoft.com>

Please add BZ link here. https://bugzilla.tianocore.org/show_bug.cgi?id=3421
>
> Changed BdsEntry.c to use Variable Policy instead of Variable Lock
> as Variable Lock will be Deprecated eventually
>
> Cc: Jian J Wang <jian.j.wang@intel.com>
> Cc: Hao A Wu <hao.a.wu@intel.com>
> Cc: Zhichao Gao <zhichao.gao@intel.com>
> Cc: Ray Ni <ray.ni@intel.com>
> Cc: Liming Gao <gaoliming@byosoft.com.cn>
> Signed-off-by: Kenneth Lautner <kenlautner3@gmail.com>
> ---
>  MdeModulePkg/Universal/BdsDxe/BdsDxe.inf |  4 +++-
>  MdeModulePkg/Universal/BdsDxe/BdsEntry.c | 20 +++++++++++++++-----
>  2 files changed, 18 insertions(+), 6 deletions(-)
>
> diff --git a/MdeModulePkg/Universal/BdsDxe/BdsDxe.inf
> b/MdeModulePkg/Universal/BdsDxe/BdsDxe.inf
> index 9310b4dccb18..76ff6a0f5fc3 100644
> --- a/MdeModulePkg/Universal/BdsDxe/BdsDxe.inf
> +++ b/MdeModulePkg/Universal/BdsDxe/BdsDxe.inf
> @@ -50,6 +50,8 @@
>    BaseMemoryLib
>
>    DebugLib
>
>    UefiBootManagerLib
>
> +  VariablePolicyLib
>
> +  VariablePolicyHelperLib
>
>    PlatformBootManagerLib
>
>    PcdLib
>
>    PrintLib
>
> @@ -77,7 +79,7 @@
>  [Protocols]
>
>    gEfiBdsArchProtocolGuid                       ## PRODUCES
>
>    gEfiSimpleTextInputExProtocolGuid             ## CONSUMES
>
> -  gEdkiiVariableLockProtocolGuid                ##
> SOMETIMES_CONSUMES
>
> +  gEdkiiVariablePolicyProtocolGuid              ##
> SOMETIMES_CONSUMES
>
>    gEfiDeferredImageLoadProtocolGuid             ## CONSUMES
>
>
>
>  [FeaturePcd]
>
> diff --git a/MdeModulePkg/Universal/BdsDxe/BdsEntry.c
> b/MdeModulePkg/Universal/BdsDxe/BdsEntry.c
> index 83b773a2fa5f..13723bee299b 100644
> --- a/MdeModulePkg/Universal/BdsDxe/BdsEntry.c
> +++ b/MdeModulePkg/Universal/BdsDxe/BdsEntry.c
> @@ -15,6 +15,7 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
>  #include "Bds.h"
>
>  #include "Language.h"
>
>  #include "HwErrRecSupport.h"
>
> +#include "library/VariablePolicyHelperLib.h"
>
Use the correct directory name to pass Windows VS tool chain and Linux GCC
tool chain.

With this change, Reviewed-by: Liming Gao <gaoliming@byosoft.com.cn>

Thanks
Liming
>
>
>  #define SET_BOOT_OPTION_SUPPORT_KEY_COUNT(a, c) {  \
>
>        (a) = ((a) & ~EFI_BOOT_OPTION_SUPPORT_COUNT) | (((c) <<
> LowBitSet32 (EFI_BOOT_OPTION_SUPPORT_COUNT)) &
> EFI_BOOT_OPTION_SUPPORT_COUNT); \
>
> @@ -670,7 +671,7 @@ BdsEntry (
>    EFI_STATUS                      Status;
>
>    UINT32                          BootOptionSupport;
>
>    UINT16                          BootTimeOut;
>
> -  EDKII_VARIABLE_LOCK_PROTOCOL    *VariableLock;
>
> +  EDKII_VARIABLE_POLICY_PROTOCOL  *VariablePolicy;
>
>    UINTN                           Index;
>
>    EFI_BOOT_MANAGER_LOAD_OPTION    LoadOption;
>
>    UINT16                          *BootNext;
>
> @@ -716,12 +717,21 @@ BdsEntry (
>    //
>
>    // Mark the read-only variables if the Variable Lock protocol exists
>
>    //
>
> -  Status = gBS->LocateProtocol (&gEdkiiVariableLockProtocolGuid, NULL,
> (VOID **) &VariableLock);
>
> -  DEBUG ((EFI_D_INFO, "[BdsDxe] Locate Variable Lock protocol - %r\n",
> Status));
>
> +  Status = gBS->LocateProtocol(&gEdkiiVariablePolicyProtocolGuid, NULL,
> (VOID**)&VariablePolicy);
>
> +  DEBUG((DEBUG_INFO, "[BdsDxe] Locate Variable Policy protocol - %r\n",
> Status));
>
>    if (!EFI_ERROR (Status)) {
>
>      for (Index = 0; Index < ARRAY_SIZE (mReadOnlyVariables); Index++) {
>
> -      Status = VariableLock->RequestToLock (VariableLock,
> mReadOnlyVariables[Index], &gEfiGlobalVariableGuid);
>
> -      ASSERT_EFI_ERROR (Status);
>
> +      Status = RegisterBasicVariablePolicy(
>
> +                 VariablePolicy,
>
> +                 &gEfiGlobalVariableGuid,
>
> +                 mReadOnlyVariables[Index],
>
> +                 VARIABLE_POLICY_NO_MIN_SIZE,
>
> +                 VARIABLE_POLICY_NO_MAX_SIZE,
>
> +                 VARIABLE_POLICY_NO_MUST_ATTR,
>
> +                 VARIABLE_POLICY_NO_CANT_ATTR,
>
> +                 VARIABLE_POLICY_TYPE_LOCK_NOW
>
> +                 );
>
> +      ASSERT_EFI_ERROR(Status);
>
>      }
>
>    }
>
>
>
> --
> 2.25.1.windows.1