From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from NAM04-SN1-obe.outbound.protection.outlook.com (NAM04-SN1-obe.outbound.protection.outlook.com [40.107.70.107])
 by mx.groups.io with SMTP id smtpd.web11.479.1589347113040841360
 for <devel@edk2.groups.io>;
 Tue, 12 May 2020 22:18:33 -0700
Authentication-Results: mx.groups.io;
 dkim=pass header.i=@microsoft.com header.s=selector2 header.b=Kalrgob5;
 spf=pass (domain: microsoft.com, ip: 40.107.70.107, mailfrom: bret.barkelew@microsoft.com)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;
 b=i2keIx/8+DhWChfjYp3XD0Kp1tBnPAXn3ZFZ5mvQxjR4fvF/WkBEHxwArNTiSvTk23GAnGoYYkKYOlagLjcd8FupunDH0J4pVj9SBJiEMCHxZkHgYjtomkDL1F3CiKvaSzNnWjbag+AvvjnPpEamKHiV6WyF6z6YGXWwDsrqhYS+tSJh0kjG6CjfvVNqHc+2Biyd+n3yMByB8Jq80LWK420Y5VgMj/J+PuraheKiNoGLqBDhd89270dAFXCXdwWYCWrasNjyQVCZe7b2fLkgoT01WinzB//ORxyf3u5np0f4fs+Bdx1mU1JXPltNVub1S2uLMEyrBvLowcqyeV+Hpw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
 s=arcselector9901;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
 bh=kSJl6ZQHwzDOt2nyXG18ydGopt3joeJXgOsuM7ZWfoc=;
 b=OY/E6OhVfzLBG0Dz/OVjVs2+17pURaICEMj0+g/o/4/VQV/aa5tXN/pO+72gqWOZOroAWLBMEjOg+KKIQ2jufyE/A+iHSIBQvw9OUhBfeFbVqrdLBVVZ7QcFrIUpbVEG+vYzBYu7bAz4kGmxXD6ZJZxHjlmgtTOxwG2CH1mxiDqjpL8gf3y8vgHDDHjQTxoIZJqctTkKfDBP+byJK4NAeOKEHzZIt3IQyZg0krDSm63EOfhFN8aKfqCDyVBATbKmWcw1UPx8IlrxgQh7l3XgSheA3tWxyHEQQ4MwEuxmaZlDeoF1ABtRzOCRVID8pwwBb4POP6VGa4w8T7sHjAdPVQ==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass
 smtp.mailfrom=microsoft.com; dmarc=pass action=none
 header.from=microsoft.com; dkim=pass header.d=microsoft.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
 s=selector2;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
 bh=kSJl6ZQHwzDOt2nyXG18ydGopt3joeJXgOsuM7ZWfoc=;
 b=Kalrgob5CDM6kB6hDseLIpV14WbLLiDP6ijOmfznMCqw2EQzt89qqiZA29h4akI/eWzQoY3a6wTxruMgkRPuWLMPNO7qkLKhb4XxVZHsYOHFAazUvfYdwrql1bcy3h40N/ak3O/YuoaoQJDqDWNXx4YiVD2NC2VXdfL19wP5MO8=
Received: from CY4PR21MB0743.namprd21.prod.outlook.com (2603:10b6:903:b2::9)
 by CY4PR2101MB0803.namprd21.prod.outlook.com (2603:10b6:910:8f::19) with
 Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3000.7; Wed, 13 May
 2020 05:18:31 +0000
Received: from CY4PR21MB0743.namprd21.prod.outlook.com
 ([fe80::9918:8742:bbe7:84e8]) by CY4PR21MB0743.namprd21.prod.outlook.com
 ([fe80::9918:8742:bbe7:84e8%14]) with mapi id 15.20.3021.002; Wed, 13 May
 2020 05:18:31 +0000
From: "Bret Barkelew" <bret.barkelew@microsoft.com>
To: "devel@edk2.groups.io" <devel@edk2.groups.io>, "lersek@redhat.com"
	<lersek@redhat.com>, "michael.kubacki@outlook.com"
	<michael.kubacki@outlook.com>
CC: "Yao, Jiewen" <jiewen.yao@intel.com>, Chao Zhang <chao.b.zhang@intel.com>,
	Jian J Wang <jian.j.wang@intel.com>, Hao A Wu <hao.a.wu@intel.com>,
	liming.gao <liming.gao@intel.com>, Jordan Justen <jordan.l.justen@intel.com>,
	Ard Biesheuvel <ard.biesheuvel@arm.com>, Andrew Fish <afish@apple.com>, "Ni,
 Ray" <ray.ni@intel.com>, Anthony Perard <anthony.perard@citrix.com>, Julien
 Grall <julien@xen.org>, Maurice Ma <maurice.ma@intel.com>, Guo Dong
	<guo.dong@intel.com>, Benjamin You <benjamin.you@intel.com>
Subject: Re: [EXTERNAL] Re: [edk2-devel] [PATCH v2 00/12] Add the VariablePolicy feature
Thread-Topic: [EXTERNAL] Re: [edk2-devel] [PATCH v2 00/12] Add the
 VariablePolicy feature
Thread-Index: AQHWKFPnp5FwvW9nLU6cZwHLfduP/qilexji
Date: Wed, 13 May 2020 05:18:30 +0000
Message-ID: 
 <CY4PR21MB0743A3D89C9BE5668345C254EFBF0@CY4PR21MB0743.namprd21.prod.outlook.com>
References: 
 <MWHPR07MB3440F5CB92F0D7DCF94AA14FE9BE0@MWHPR07MB3440.namprd07.prod.outlook.com>,<11a89bca-ea96-9ba0-2177-e995b98e6943@redhat.com>
In-Reply-To: <11a89bca-ea96-9ba0-2177-e995b98e6943@redhat.com>
Accept-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
msip_labels: 
 MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Enabled=True;MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_SiteId=72f988bf-86f1-41af-91ab-2d7cd011db47;MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_SetDate=2020-05-13T05:18:02.4299761Z;MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_ContentBits=0;MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Method=Privileged
authentication-results: edk2.groups.io; dkim=none (message not signed)
 header.d=none;edk2.groups.io; dmarc=none action=none
 header.from=microsoft.com;
x-originating-ip: [71.212.135.200]
x-ms-publictraffictype: Email
x-ms-office365-filtering-ht: Tenant
x-ms-office365-filtering-correlation-id: ed818c21-d03a-4319-4ddd-08d7f6fd1378
x-ms-traffictypediagnostic: CY4PR2101MB0803:
x-ld-processed: 72f988bf-86f1-41af-91ab-2d7cd011db47,ExtAddr
x-microsoft-antispam-prvs: 
 <CY4PR2101MB0803E35E0F6015622273C2A8EFBF0@CY4PR2101MB0803.namprd21.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:8882;
x-forefront-prvs: 0402872DA1
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: 
 y6FJFkgDboG2+w+qh/Jmp28Y5lU5lh2UBUAQ44XoKy9A4aKurqhVcC19p4eetKrso7otyGfdA4y18WEk7GfWgE6OMyWOmgcVGp8lpzUPc7Va7+21VhGQ2AKc/J8nW8i2ga9BKinKTvs29fn2ge3oVgUUFdj1ObzD38iJw8M2EgJVb0LdbiIRW0NgG262IBcTUMdkVh4Fn1ixhLtRZzIBHNbl7H9xI1fYw+lQmVTGPtKUYRJmPCMMitCMwbDbizeodY73W7ihBj82AhZ2YJaMyx0qIyJPQd5jbJNdW8oSYXc+tCP5x1lTisKFk+JMovs1umkqcbrRU1g6EPO5zpUNTBkw7JZf06Ztk6C9gRghxc3JEHqXGLDiYsymZshTC5VA0UgDWwXhI0m5pjHlugBMG0KqKNbe+XNOO6/ql6QTZZikh+G/UHSg+zu5bkqzQJSMAXberDy/qDU8TBFlbZgLJOE+e/qOMNKak3mpnWCVTXNTzObuu6FM9x8cCl92F8D0bQ25JtE6WkIxUhzBzfNdZ2sBLBB3hSyplX3/JcochMh+zcfCgr5o+BD/geR/52mhPB5/g13nn65eDnB8ATVv8vDxdaso2GR+kvl6ZwusPEQ=
x-forefront-antispam-report: 
 CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:CY4PR21MB0743.namprd21.prod.outlook.com;PTR:;CAT:NONE;SFTY:;SFS:(4636009)(346002)(136003)(39860400002)(376002)(396003)(366004)(33430700001)(7416002)(186003)(110136005)(6506007)(9686003)(52536014)(66556008)(82960400001)(55016002)(76116006)(82950400001)(71200400001)(66946007)(33656002)(5660300002)(10290500003)(2906002)(66446008)(30864003)(33440700001)(66476007)(64756008)(478600001)(86362001)(8990500004)(8676002)(4326008)(166002)(966005)(54906003)(7696005)(26005)(316002)(8936002)(53546011);DIR:OUT;SFP:1102;
x-ms-exchange-antispam-messagedata: 
 hJNWq4ROM4CqSP338kFw9NPvm+vr2dQD55qTFl2KMM98wL8o7QzENpXEXUMh5+2i5wq4K1SwNH7FFmFkvbNN1Rg1vrREsbgfYIn894EWbaKEaEoApooNzbQNuG0Elfy6HTzHeq4FvDRSD4o0yfy36dgKW8FMrKSKOr/YZGXhojcF2RhS6QukMFdHvGdyySbvSZla2HlJjfKPiVajwwDOFVWnTHlcq5lDfArKtQ14TNxsK/wmjQqnzIzkPlr40mSPGjXPHnKbYizflDdxLvrm8AfBIOEzNfl9lWtv8+IFrGRNS6rD+wjOcfYYhfT9oI5aK8m6SoF5n05Z9UenUYXOu/F3asU7lBfsaxOwhccHwv5w15pfLJ2V4sQN10NDCkzC4jpTZHwMD2IC8nbnuPl+Zvq4icNhYVIBawCGTpTgfKxHIbx3fC2z0Elnk5bSMikhBLXcdso+rvNuTBCJvDEcqus1OuI3J661tf3ZEhq/xn2YV9EniSPw8QCPUo9arwTX
x-ms-exchange-transport-forked: True
MIME-Version: 1.0
X-OriginatorOrg: microsoft.com
X-MS-Exchange-CrossTenant-Network-Message-Id: ed818c21-d03a-4319-4ddd-08d7f6fd1378
X-MS-Exchange-CrossTenant-originalarrivaltime: 13 May 2020 05:18:30.8365
 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 72f988bf-86f1-41af-91ab-2d7cd011db47
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: j7u4YnZgSteDIdiFIzoyAj6lIfNTYC5xflL47abBBK58UHbHR5WeR5TkNVBwlTZ9J6/nZH6GtkBqB+w4st0LiA==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: CY4PR2101MB0803
Content-Language: en-US
Content-Type: multipart/alternative;
	boundary="_000_CY4PR21MB0743A3D89C9BE5668345C254EFBF0CY4PR21MB0743namp_"

--_000_CY4PR21MB0743A3D89C9BE5668345C254EFBF0CY4PR21MB0743namp_
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

"Not sure about the UefiPayloadPkg platforms; please ask their maintainers.=
"

UefiPayloadPkg maintainers: what say you? ?

- Bret

________________________________
From: devel@edk2.groups.io <devel@edk2.groups.io> on behalf of Laszlo Erse=
k via groups.io <lersek=3Dredhat.com@groups.io>
Sent: Tuesday, May 12, 2020 4:52:52 AM
To: devel@edk2.groups.io <devel@edk2.groups.io>; michael.kubacki@outlook.c=
om <michael.kubacki@outlook.com>
Cc: Yao, Jiewen <jiewen.yao@intel.com>; Chao Zhang <chao.b.zhang@intel.com=
>; Jian J Wang <jian.j.wang@intel.com>; Hao A Wu <hao.a.wu@intel.com>; limi=
ng.gao <liming.gao@intel.com>; Jordan Justen <jordan.l.justen@intel.com>; A=
rd Biesheuvel <ard.biesheuvel@arm.com>; Andrew Fish <afish@apple.com>; Ni, =
Ray <ray.ni@intel.com>; Anthony Perard <anthony.perard@citrix.com>; Julien =
Grall <julien@xen.org>; Maurice Ma <maurice.ma@intel.com>; Guo Dong <guo.do=
ng@intel.com>; Benjamin You <benjamin.you@intel.com>
Subject: [EXTERNAL] Re: [edk2-devel] [PATCH v2 00/12] Add the VariablePoli=
cy feature

On 05/12/20 08:46, Michael Kubacki wrote:
> From: Michael Kubacki <michael.kubacki@microsoft.com>
>
> REF:https://nam06.safelinks.protection.outlook.com/?url=3Dhttps%3A%2F%2F=
bugzilla.tianocore.org%2Fshow_bug.cgi%3Fid%3D2522&amp;data=3D02%7C01%7Cbret=
.barkelew%40microsoft.com%7C98d423482cea4e143c4308d7f66b0927%7C72f988bf86f1=
41af91ab2d7cd011db47%7C1%7C0%7C637248811886928541&amp;sdata=3DGlpxfE6%2FzZR=
01KXRvOoaXQTQEG%2F3TNuaZxJ6C1fl6LI%3D&amp;reserved=3D0
>
> The 12 patches in this series add the VariablePolicy feature to the core=
,
> deprecate Edk2VarLock (while adding a compatibility layer to reduce code
> churn), and integrate the VariablePolicy libraries and protocols into
> Variable Services.
>
> Since the integration requires multiple changes, including adding librar=
ies,
> a protocol, an SMI communication handler, and VariableServices integrati=
on,
> the patches are broken up by individual library additions and then a fin=
al
> integration. Security-sensitive changes like bypassing Authenticated
> Variable enforcement are also broken out into individual patches so that
> attention can be called directly to them.
>
> Platform porting instructions are described in this wiki entry:
> https://nam06.safelinks.protection.outlook.com/?url=3Dhttps%3A%2F%2Fgith=
ub.com%2Ftianocore%2Ftianocore.github.io%2Fwiki%2FVariablePolicy-Protocol--=
-Enhanced-Method-for-Managing-Variables%23platform-porting&amp;data=3D02%7C=
01%7Cbret.barkelew%40microsoft.com%7C98d423482cea4e143c4308d7f66b0927%7C72f=
988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637248811886928541&amp;sdata=3Do%2F=
raXnHgx4RMreIkSFSONm8He0CzM7ZTXoV8loOrxe0%3D&amp;reserved=3D0

(1) This wiki article is helpful, thanks.

I have one remark: there's a heading saying "VarCheckPolicyLib NULL
Instance":

https://nam06.safelinks.protection.outlook.com/?url=3Dhttps%3A%2F%2Fgithub=
.com%2Ftianocore%2Ftianocore.github.io%2Fwiki%2FVariablePolicy-Protocol---E=
nhanced-Method-for-Managing-Variables%23varcheckpolicylib-null-instance&amp=
;data=3D02%7C01%7Cbret.barkelew%40microsoft.com%7C98d423482cea4e143c4308d7f=
66b0927%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637248811886928541&amp=
;sdata=3D4qTYEB6%2F3uJnLZ9MjRHODQGaaPq6zZEp7bFlCXEP7gI%3D&amp;reserved=3D0

I think what's meant is "NULL class", not "NULL instance".

(2) The following platform DSC files in edk2 include the non-SMM
variable driver
("MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf"),
but they are not modified by this patch series:

ArmVirtPkg/ArmVirtQemu.dsc
ArmVirtPkg/ArmVirtQemuKernel.dsc
ArmVirtPkg/ArmVirtXen.dsc
OvmfPkg/OvmfXen.dsc
UefiPayloadPkg/UefiPayloadPkgIa32.dsc
UefiPayloadPkg/UefiPayloadPkgIa32X64.dsc

I'm asking that you please (a) include a patch for ArmVirtPkg, (b)
update the OvmfPkg patch to cover "OvmfXen.dsc" too.

Not sure about the UefiPayloadPkg platforms; please ask their maintainers.

(I've CC'd the OvmfXen and UefiPayloadPkg maintainers/reviewers.)

Thanks,
Laszlo

>
> Discussion of the feature can be found in multiple places throughout
> the last year on the RFC channel, staging branches, and in devel.
>
> Most recently, this subject was discussed in this thread:
> https://nam06.safelinks.protection.outlook.com/?url=3Dhttps%3A%2F%2Fedk2=
.groups.io%2Fg%2Fdevel%2Fmessage%2F53712&amp;data=3D02%7C01%7Cbret.barkelew=
%40microsoft.com%7C98d423482cea4e143c4308d7f66b0927%7C72f988bf86f141af91ab2=
d7cd011db47%7C1%7C0%7C637248811886938531&amp;sdata=3D%2FFmQMtE%2Ffrl6UxNdY9=
4mvckwrXVUJySJ%2BWFSSQp8nCk%3D&amp;reserved=3D0
> (the code branches shared in that discussion are now out of date, but th=
e
> whitepapers and discussion are relevant).
>
> Cc: Jiewen Yao <jiewen.yao@intel.com>
> Cc: Chao Zhang <chao.b.zhang@intel.com>
> Cc: Jian J Wang <jian.j.wang@intel.com>
> Cc: Hao A Wu <hao.a.wu@intel.com>
> Cc: Liming Gao <liming.gao@intel.com>
> Cc: Jordan Justen <jordan.l.justen@intel.com>
> Cc: Laszlo Ersek <lersek@redhat.com>
> Cc: Ard Biesheuvel <ard.biesheuvel@arm.com>
> Cc: Andrew Fish <afish@apple.com>
> Cc: Ray Ni <ray.ni@intel.com>
> Signed-off-by: Michael Kubacki <michael.kubacki@microsoft.com>
>
> Changes since v1:
> * Fixed implementation for RuntimeDxe
> * Add PCD to block DisableVariablePolicy
> * Fix the DumpVariablePolicy pagination in SMM
>
> Bret Barkelew (12):
>   MdeModulePkg: Define the VariablePolicy protocol interface
>   MdeModulePkg: Define the VariablePolicyLib
>   MdeModulePkg: Define the VariablePolicyHelperLib
>   MdeModulePkg: Define the VarCheckPolicyLib and SMM interface
>   MdeModulePkg: Connect VariablePolicy business logic to
>     VariableServices
>   MdeModulePkg: Allow VariablePolicy state to delete protected variables
>   SecurityPkg: Allow VariablePolicy state to delete authenticated
>     variables
>   MdeModulePkg: Change TCG MOR variables to use VariablePolicy
>   MdeModulePkg: Drop VarLock from RuntimeDxe variable driver
>   MdeModulePkg: Add a shell-based functional test for VariablePolicy
>   OvmfPkg: Add VariablePolicy engine to OvmfPkg platform
>   EmulatorPkg: Add VariablePolicy engine to EmulatorPkg platform
>
>  MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.c             =
                  |  318 +++
>  MdeModulePkg/Library/VariablePolicyHelperLib/VariablePolicyHelperLib.c =
                  |  396 ++++
>  MdeModulePkg/Library/VariablePolicyLib/VariablePolicyExtraInitNull.c   =
                  |   46 +
>  MdeModulePkg/Library/VariablePolicyLib/VariablePolicyExtraInitRuntimeDx=
e.c               |   85 +
>  MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.c             =
                  |  806 +++++++
>  MdeModulePkg/Library/VariablePolicyLib/VariablePolicyUnitTest/VariableP=
olicyUnitTest.c   | 2285 ++++++++++++++++++++
>  MdeModulePkg/Test/ShellTest/VariablePolicyFuncTestApp/VariablePolicyFun=
cTestApp.c        | 1942 +++++++++++++++++
>  MdeModulePkg/Universal/Variable/RuntimeDxe/TcgMorLockDxe.c             =
                  |   52 +-
>  MdeModulePkg/Universal/Variable/RuntimeDxe/TcgMorLockSmm.c             =
                  |   60 +-
>  MdeModulePkg/Universal/Variable/RuntimeDxe/VarCheck.c                  =
                  |   49 +-
>  MdeModulePkg/Universal/Variable/RuntimeDxe/VariableDxe.c               =
                  |   53 +
>  MdeModulePkg/Universal/Variable/RuntimeDxe/VariableLockRequstToLock.c  =
                  |   71 +
>  MdeModulePkg/Universal/Variable/RuntimeDxe/VariablePolicySmmDxe.c      =
                  |  653 ++++++
>  MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmmRuntimeDxe.c     =
                  |   14 +
>  SecurityPkg/Library/AuthVariableLib/AuthService.c                      =
                  |   22 +-
>  EmulatorPkg/EmulatorPkg.dsc                                            =
                  |    6 +
>  MdeModulePkg/Include/Guid/VarCheckPolicyMmi.h                          =
                  |   54 +
>  MdeModulePkg/Include/Library/VariablePolicyHelperLib.h                 =
                  |  164 ++
>  MdeModulePkg/Include/Library/VariablePolicyLib.h                       =
                  |  207 ++
>  MdeModulePkg/Include/Protocol/VariablePolicy.h                         =
                  |  157 ++
>  MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.inf           =
                  |   44 +
>  MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.uni           =
                  |   12 +
>  MdeModulePkg/Library/VariablePolicyHelperLib/VariablePolicyHelperLib.in=
f                 |   36 +
>  MdeModulePkg/Library/VariablePolicyHelperLib/VariablePolicyHelperLib.un=
i                 |   12 +
>  MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.inf           =
                  |   44 +
>  MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.uni           =
                  |   12 +
>  MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLibRuntimeDxe.inf =
                  |   52 +
>  MdeModulePkg/Library/VariablePolicyLib/VariablePolicyUnitTest/VariableP=
olicyUnitTest.inf |   41 +
>  MdeModulePkg/MdeModulePkg.ci.yaml                                      =
                  |    4 +-
>  MdeModulePkg/MdeModulePkg.dec                                          =
                  |   26 +-
>  MdeModulePkg/MdeModulePkg.dsc                                          =
                  |   15 +
>  MdeModulePkg/Test/MdeModulePkgHostTest.dsc                             =
                  |   11 +
>  MdeModulePkg/Test/ShellTest/VariablePolicyFuncTestApp/Readme.md        =
                  |   55 +
>  MdeModulePkg/Test/ShellTest/VariablePolicyFuncTestApp/VariablePolicyFun=
cTestApp.inf      |   42 +
>  MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf      =
                  |    5 +
>  MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.inf             =
                  |    4 +
>  MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmmRuntimeDxe.inf   =
                  |   12 +
>  MdeModulePkg/Universal/Variable/RuntimeDxe/VariableStandaloneMm.inf    =
                  |    4 +
>  OvmfPkg/OvmfPkgIa32.dsc                                                =
                  |    8 +
>  OvmfPkg/OvmfPkgIa32X64.dsc                                             =
                  |    8 +
>  OvmfPkg/OvmfPkgX64.dsc                                                 =
                  |    8 +
>  SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf                =
                  |    2 +
>  42 files changed, 7819 insertions(+), 78 deletions(-)
>  create mode 100644 MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolic=
yLib.c
>  create mode 100644 MdeModulePkg/Library/VariablePolicyHelperLib/Variabl=
ePolicyHelperLib.c
>  create mode 100644 MdeModulePkg/Library/VariablePolicyLib/VariablePolic=
yExtraInitNull.c
>  create mode 100644 MdeModulePkg/Library/VariablePolicyLib/VariablePolic=
yExtraInitRuntimeDxe.c
>  create mode 100644 MdeModulePkg/Library/VariablePolicyLib/VariablePolic=
yLib.c
>  create mode 100644 MdeModulePkg/Library/VariablePolicyLib/VariablePolic=
yUnitTest/VariablePolicyUnitTest.c
>  create mode 100644 MdeModulePkg/Test/ShellTest/VariablePolicyFuncTestAp=
p/VariablePolicyFuncTestApp.c
>  create mode 100644 MdeModulePkg/Universal/Variable/RuntimeDxe/VariableL=
ockRequstToLock.c
>  create mode 100644 MdeModulePkg/Universal/Variable/RuntimeDxe/VariableP=
olicySmmDxe.c
>  create mode 100644 MdeModulePkg/Include/Guid/VarCheckPolicyMmi.h
>  create mode 100644 MdeModulePkg/Include/Library/VariablePolicyHelperLib=
.h
>  create mode 100644 MdeModulePkg/Include/Library/VariablePolicyLib.h
>  create mode 100644 MdeModulePkg/Include/Protocol/VariablePolicy.h
>  create mode 100644 MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolic=
yLib.inf
>  create mode 100644 MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolic=
yLib.uni
>  create mode 100644 MdeModulePkg/Library/VariablePolicyHelperLib/Variabl=
ePolicyHelperLib.inf
>  create mode 100644 MdeModulePkg/Library/VariablePolicyHelperLib/Variabl=
ePolicyHelperLib.uni
>  create mode 100644 MdeModulePkg/Library/VariablePolicyLib/VariablePolic=
yLib.inf
>  create mode 100644 MdeModulePkg/Library/VariablePolicyLib/VariablePolic=
yLib.uni
>  create mode 100644 MdeModulePkg/Library/VariablePolicyLib/VariablePolic=
yLibRuntimeDxe.inf
>  create mode 100644 MdeModulePkg/Library/VariablePolicyLib/VariablePolic=
yUnitTest/VariablePolicyUnitTest.inf
>  create mode 100644 MdeModulePkg/Test/ShellTest/VariablePolicyFuncTestAp=
p/Readme.md
>  create mode 100644 MdeModulePkg/Test/ShellTest/VariablePolicyFuncTestAp=
p/VariablePolicyFuncTestApp.inf
>





--_000_CY4PR21MB0743A3D89C9BE5668345C254EFBF0CY4PR21MB0743namp_
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

<html xmlns:o=3D"urn:schemas-microsoft-com:office:office" xmlns:w=3D"urn:sc=
hemas-microsoft-com:office:word" xmlns:m=3D"http://schemas.microsoft.com/of=
fice/2004/12/omml" xmlns=3D"http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv=3D"Content-Type" content=3D"text/html; charset=3Dus-ascii=
">
<meta name=3D"Generator" content=3D"Microsoft Word 15 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
	{font-family:"Cambria Math";
	panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
	{font-family:DengXian;
	panose-1:2 1 6 0 3 1 1 1 1 1;}
@font-face
	{font-family:Calibri;
	panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
	{font-family:"\@DengXian";
	panose-1:2 1 6 0 3 1 1 1 1 1;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
	{margin:0in;
	margin-bottom:.0001pt;
	font-size:11.0pt;
	font-family:"Calibri",sans-serif;}
.MsoChpDefault
	{mso-style-type:export-only;}
@page WordSection1
	{size:8.5in 11.0in;
	margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
	{page:WordSection1;}
--></style>
</head>
<body lang=3D"EN-US" link=3D"blue" vlink=3D"#954F72">
<div class=3D"WordSection1">
<p class=3D"MsoNormal">&#8220;Not sure about the UefiPayloadPkg platforms;=
 please ask their maintainers.&#8221;<o:p></o:p></p>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
<p class=3D"MsoNormal">UefiPayloadPkg maintainers: what say you? <span sty=
le=3D"font-family:&quot;Segoe UI Emoji&quot;,sans-serif">
&#128521;</span></p>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
<p class=3D"MsoNormal">- Bret<o:p></o:p></p>
<p class=3D"MsoNormal"><o:p>&nbsp;</o:p></p>
</div>
<hr style=3D"display:inline-block;width:98%" tabindex=3D"-1">
<div id=3D"divRplyFwdMsg" dir=3D"ltr"><font face=3D"Calibri, sans-serif" s=
tyle=3D"font-size:11pt" color=3D"#000000"><b>From:</b> devel@edk2.groups.io=
 &lt;devel@edk2.groups.io&gt; on behalf of Laszlo Ersek via groups.io &lt;l=
ersek=3Dredhat.com@groups.io&gt;<br>
<b>Sent:</b> Tuesday, May 12, 2020 4:52:52 AM<br>
<b>To:</b> devel@edk2.groups.io &lt;devel@edk2.groups.io&gt;; michael.kuba=
cki@outlook.com &lt;michael.kubacki@outlook.com&gt;<br>
<b>Cc:</b> Yao, Jiewen &lt;jiewen.yao@intel.com&gt;; Chao Zhang &lt;chao.b=
.zhang@intel.com&gt;; Jian J Wang &lt;jian.j.wang@intel.com&gt;; Hao A Wu &=
lt;hao.a.wu@intel.com&gt;; liming.gao &lt;liming.gao@intel.com&gt;; Jordan =
Justen &lt;jordan.l.justen@intel.com&gt;; Ard Biesheuvel &lt;ard.biesheuvel=
@arm.com&gt;;
 Andrew Fish &lt;afish@apple.com&gt;; Ni, Ray &lt;ray.ni@intel.com&gt;; An=
thony Perard &lt;anthony.perard@citrix.com&gt;; Julien Grall &lt;julien@xen=
.org&gt;; Maurice Ma &lt;maurice.ma@intel.com&gt;; Guo Dong &lt;guo.dong@in=
tel.com&gt;; Benjamin You &lt;benjamin.you@intel.com&gt;<br>
<b>Subject:</b> [EXTERNAL] Re: [edk2-devel] [PATCH v2 00/12] Add the Varia=
blePolicy feature</font>
<div>&nbsp;</div>
</div>
<div class=3D"BodyFragment"><font size=3D"2"><span style=3D"font-size:11pt=
;">
<div class=3D"PlainText">On 05/12/20 08:46, Michael Kubacki wrote:<br>
&gt; From: Michael Kubacki &lt;michael.kubacki@microsoft.com&gt;<br>
&gt; <br>
&gt; REF:https://nam06.safelinks.protection.outlook.com/?url=3Dhttps%3A%2F=
%2Fbugzilla.tianocore.org%2Fshow_bug.cgi%3Fid%3D2522&amp;amp;data=3D02%7C01=
%7Cbret.barkelew%40microsoft.com%7C98d423482cea4e143c4308d7f66b0927%7C72f98=
8bf86f141af91ab2d7cd011db47%7C1%7C0%7C637248811886928541&amp;amp;sdata=3DGl=
pxfE6%2FzZR01KXRvOoaXQTQEG%2F3TNuaZxJ6C1fl6LI%3D&amp;amp;reserved=3D0<br>
&gt; <br>
&gt; The 12 patches in this series add the VariablePolicy feature to the c=
ore,<br>
&gt; deprecate Edk2VarLock (while adding a compatibility layer to reduce c=
ode<br>
&gt; churn), and integrate the VariablePolicy libraries and protocols into=
<br>
&gt; Variable Services.<br>
&gt; <br>
&gt; Since the integration requires multiple changes, including adding lib=
raries,<br>
&gt; a protocol, an SMI communication handler, and VariableServices integr=
ation,<br>
&gt; the patches are broken up by individual library additions and then a =
final<br>
&gt; integration. Security-sensitive changes like bypassing Authenticated<=
br>
&gt; Variable enforcement are also broken out into individual patches so t=
hat<br>
&gt; attention can be called directly to them.<br>
&gt; <br>
&gt; Platform porting instructions are described in this wiki entry:<br>
&gt; <a href=3D"https://nam06.safelinks.protection.outlook.com/?url=3Dhttp=
s%3A%2F%2Fgithub.com%2Ftianocore%2Ftianocore.github.io%2Fwiki%2FVariablePol=
icy-Protocol---Enhanced-Method-for-Managing-Variables%23platform-porting&am=
p;amp;data=3D02%7C01%7Cbret.barkelew%40microsoft.com%7C98d423482cea4e143c43=
08d7f66b0927%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C63724881188692854=
1&amp;amp;sdata=3Do%2FraXnHgx4RMreIkSFSONm8He0CzM7ZTXoV8loOrxe0%3D&amp;amp;=
reserved=3D0">
https://nam06.safelinks.protection.outlook.com/?url=3Dhttps%3A%2F%2Fgithub=
.com%2Ftianocore%2Ftianocore.github.io%2Fwiki%2FVariablePolicy-Protocol---E=
nhanced-Method-for-Managing-Variables%23platform-porting&amp;amp;data=3D02%=
7C01%7Cbret.barkelew%40microsoft.com%7C98d423482cea4e143c4308d7f66b0927%7C7=
2f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637248811886928541&amp;amp;sdata=
=3Do%2FraXnHgx4RMreIkSFSONm8He0CzM7ZTXoV8loOrxe0%3D&amp;amp;reserved=3D0</=
a><br>
<br>
(1) This wiki article is helpful, thanks.<br>
<br>
I have one remark: there's a heading saying &quot;VarCheckPolicyLib NULL<b=
r>
Instance&quot;:<br>
<br>
<a href=3D"https://nam06.safelinks.protection.outlook.com/?url=3Dhttps%3A%=
2F%2Fgithub.com%2Ftianocore%2Ftianocore.github.io%2Fwiki%2FVariablePolicy-P=
rotocol---Enhanced-Method-for-Managing-Variables%23varcheckpolicylib-null-i=
nstance&amp;amp;data=3D02%7C01%7Cbret.barkelew%40microsoft.com%7C98d423482c=
ea4e143c4308d7f66b0927%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C6372488=
11886928541&amp;amp;sdata=3D4qTYEB6%2F3uJnLZ9MjRHODQGaaPq6zZEp7bFlCXEP7gI%3=
D&amp;amp;reserved=3D0">https://nam06.safelinks.protection.outlook.com/?url=
=
=3Dhttps%3A%2F%2Fgithub.com%2Ftianocore%2Ftianocore.github.io%2Fwiki%2FVar=
iablePolicy-Protocol---Enhanced-Method-for-Managing-Variables%23varcheckpol=
icylib-null-instance&amp;amp;data=3D02%7C01%7Cbret.barkelew%40microsoft.com=
%7C98d423482cea4e143c4308d7f66b0927%7C72f988bf86f141af91ab2d7cd011db47%7C1%=
7C0%7C637248811886928541&amp;amp;sdata=3D4qTYEB6%2F3uJnLZ9MjRHODQGaaPq6zZEp=
7bFlCXEP7gI%3D&amp;amp;reserved=3D0</a><br>
<br>
I think what's meant is &quot;NULL class&quot;, not &quot;NULL instance&qu=
ot;.<br>
<br>
(2) The following platform DSC files in edk2 include the non-SMM<br>
variable driver<br>
(&quot;MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.inf&q=
uot;),<br>
but they are not modified by this patch series:<br>
<br>
ArmVirtPkg/ArmVirtQemu.dsc<br>
ArmVirtPkg/ArmVirtQemuKernel.dsc<br>
ArmVirtPkg/ArmVirtXen.dsc<br>
OvmfPkg/OvmfXen.dsc<br>
UefiPayloadPkg/UefiPayloadPkgIa32.dsc<br>
UefiPayloadPkg/UefiPayloadPkgIa32X64.dsc<br>
<br>
I'm asking that you please (a) include a patch for ArmVirtPkg, (b)<br>
update the OvmfPkg patch to cover &quot;OvmfXen.dsc&quot; too.<br>
<br>
Not sure about the UefiPayloadPkg platforms; please ask their maintainers.=
<br>
<br>
(I've CC'd the OvmfXen and UefiPayloadPkg maintainers/reviewers.)<br>
<br>
Thanks,<br>
Laszlo<br>
<br>
&gt; <br>
&gt; Discussion of the feature can be found in multiple places throughout<=
br>
&gt; the last year on the RFC channel, staging branches, and in devel.<br>
&gt; <br>
&gt; Most recently, this subject was discussed in this thread:<br>
&gt; <a href=3D"https://nam06.safelinks.protection.outlook.com/?url=3Dhttp=
s%3A%2F%2Fedk2.groups.io%2Fg%2Fdevel%2Fmessage%2F53712&amp;amp;data=3D02%7C=
01%7Cbret.barkelew%40microsoft.com%7C98d423482cea4e143c4308d7f66b0927%7C72f=
988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637248811886938531&amp;amp;sdata=3D=
%2FFmQMtE%2Ffrl6UxNdY94mvckwrXVUJySJ%2BWFSSQp8nCk%3D&amp;amp;reserved=3D0">
https://nam06.safelinks.protection.outlook.com/?url=3Dhttps%3A%2F%2Fedk2.g=
roups.io%2Fg%2Fdevel%2Fmessage%2F53712&amp;amp;data=3D02%7C01%7Cbret.barkel=
ew%40microsoft.com%7C98d423482cea4e143c4308d7f66b0927%7C72f988bf86f141af91a=
b2d7cd011db47%7C1%7C0%7C637248811886938531&amp;amp;sdata=3D%2FFmQMtE%2Ffrl6=
UxNdY94mvckwrXVUJySJ%2BWFSSQp8nCk%3D&amp;amp;reserved=3D0</a><br>
&gt; (the code branches shared in that discussion are now out of date, but=
 the<br>
&gt; whitepapers and discussion are relevant).<br>
&gt; <br>
&gt; Cc: Jiewen Yao &lt;jiewen.yao@intel.com&gt;<br>
&gt; Cc: Chao Zhang &lt;chao.b.zhang@intel.com&gt;<br>
&gt; Cc: Jian J Wang &lt;jian.j.wang@intel.com&gt;<br>
&gt; Cc: Hao A Wu &lt;hao.a.wu@intel.com&gt;<br>
&gt; Cc: Liming Gao &lt;liming.gao@intel.com&gt;<br>
&gt; Cc: Jordan Justen &lt;jordan.l.justen@intel.com&gt;<br>
&gt; Cc: Laszlo Ersek &lt;lersek@redhat.com&gt;<br>
&gt; Cc: Ard Biesheuvel &lt;ard.biesheuvel@arm.com&gt;<br>
&gt; Cc: Andrew Fish &lt;afish@apple.com&gt;<br>
&gt; Cc: Ray Ni &lt;ray.ni@intel.com&gt;<br>
&gt; Signed-off-by: Michael Kubacki &lt;michael.kubacki@microsoft.com&gt;<=
br>
&gt; <br>
&gt; Changes since v1:<br>
&gt; * Fixed implementation for RuntimeDxe<br>
&gt; * Add PCD to block DisableVariablePolicy<br>
&gt; * Fix the DumpVariablePolicy pagination in SMM<br>
&gt; <br>
&gt; Bret Barkelew (12):<br>
&gt;&nbsp;&nbsp; MdeModulePkg: Define the VariablePolicy protocol interfac=
e<br>
&gt;&nbsp;&nbsp; MdeModulePkg: Define the VariablePolicyLib<br>
&gt;&nbsp;&nbsp; MdeModulePkg: Define the VariablePolicyHelperLib<br>
&gt;&nbsp;&nbsp; MdeModulePkg: Define the VarCheckPolicyLib and SMM interf=
ace<br>
&gt;&nbsp;&nbsp; MdeModulePkg: Connect VariablePolicy business logic to<br=
>
&gt;&nbsp;&nbsp;&nbsp;&nbsp; VariableServices<br>
&gt;&nbsp;&nbsp; MdeModulePkg: Allow VariablePolicy state to delete protec=
ted variables<br>
&gt;&nbsp;&nbsp; SecurityPkg: Allow VariablePolicy state to delete authent=
icated<br>
&gt;&nbsp;&nbsp;&nbsp;&nbsp; variables<br>
&gt;&nbsp;&nbsp; MdeModulePkg: Change TCG MOR variables to use VariablePol=
icy<br>
&gt;&nbsp;&nbsp; MdeModulePkg: Drop VarLock from RuntimeDxe variable drive=
r<br>
&gt;&nbsp;&nbsp; MdeModulePkg: Add a shell-based functional test for Varia=
blePolicy<br>
&gt;&nbsp;&nbsp; OvmfPkg: Add VariablePolicy engine to OvmfPkg platform<br=
>
&gt;&nbsp;&nbsp; EmulatorPkg: Add VariablePolicy engine to EmulatorPkg pla=
tform<br>
&gt; <br>
&gt;&nbsp; MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.c&nbsp=
;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&n=
bsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp=
;&nbsp;&nbsp;&nbsp;&nbsp; |&nbsp; 318 &#43;&#43;&#43;<br>
&gt;&nbsp; MdeModulePkg/Library/VariablePolicyHelperLib/VariablePolicyHelp=
erLib.c&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&n=
bsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; |&nbsp; 396 &#43;&#43;&#43;&#43;<b=
r>
&gt;&nbsp; MdeModulePkg/Library/VariablePolicyLib/VariablePolicyExtraInitN=
ull.c&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbs=
p;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; |&nbsp;&nbsp; 46 &#43;<b=
r>
&gt;&nbsp; MdeModulePkg/Library/VariablePolicyLib/VariablePolicyExtraInitR=
untimeDxe.c&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbs=
p;&nbsp;&nbsp;&nbsp; |&nbsp;&nbsp; 85 &#43;<br>
&gt;&nbsp; MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.c&nbsp=
;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&n=
bsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp=
;&nbsp;&nbsp;&nbsp;&nbsp; |&nbsp; 806 &#43;&#43;&#43;&#43;&#43;&#43;&#43;<b=
r>
&gt;&nbsp; MdeModulePkg/Library/VariablePolicyLib/VariablePolicyUnitTest/V=
ariablePolicyUnitTest.c&nbsp;&nbsp; | 2285 &#43;&#43;&#43;&#43;&#43;&#43;&#=
43;&#43;&#43;&#43;&#43;&#43;&#43;&#43;&#43;&#43;&#43;&#43;&#43;&#43;<br>
&gt;&nbsp; MdeModulePkg/Test/ShellTest/VariablePolicyFuncTestApp/VariableP=
olicyFuncTestApp.c&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; | 1942 &#43;&#=
43;&#43;&#43;&#43;&#43;&#43;&#43;&#43;&#43;&#43;&#43;&#43;&#43;&#43;&#43;&#=
43;<br>
&gt;&nbsp; MdeModulePkg/Universal/Variable/RuntimeDxe/TcgMorLockDxe.c&nbsp=
;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&n=
bsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp=
;&nbsp;&nbsp;&nbsp;&nbsp; |&nbsp;&nbsp; 52 &#43;-<br>
&gt;&nbsp; MdeModulePkg/Universal/Variable/RuntimeDxe/TcgMorLockSmm.c&nbsp=
;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&n=
bsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp=
;&nbsp;&nbsp;&nbsp;&nbsp; |&nbsp;&nbsp; 60 &#43;-<br>
&gt;&nbsp; MdeModulePkg/Universal/Variable/RuntimeDxe/VarCheck.c&nbsp;&nbs=
p;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&=
nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbs=
p;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; |&nbsp;&nbsp; 49 &#43;-<=
br>
&gt;&nbsp; MdeModulePkg/Universal/Variable/RuntimeDxe/VariableDxe.c&nbsp;&=
nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbs=
p;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&=
nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; |&nbsp;&nbsp; 53 &#43;<br>
&gt;&nbsp; MdeModulePkg/Universal/Variable/RuntimeDxe/VariableLockRequstTo=
Lock.c&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nb=
sp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; |&nbsp;&nbsp; 71 &#43;<br>
&gt;&nbsp; MdeModulePkg/Universal/Variable/RuntimeDxe/VariablePolicySmmDxe=
.c&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&=
nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; |&nbsp; 6=
53 &#43;&#43;&#43;&#43;&#43;&#43;<br>
&gt;&nbsp; MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmmRuntimeDx=
e.c&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;=
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; |&nbsp;&nbsp; =
14 &#43;<br>
&gt;&nbsp; SecurityPkg/Library/AuthVariableLib/AuthService.c&nbsp;&nbsp;&n=
bsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp=
;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&n=
bsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; |&nb=
sp;&nbsp; 22 &#43;-<br>
&gt;&nbsp; EmulatorPkg/EmulatorPkg.dsc&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;=
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nb=
sp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;=
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nb=
sp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;=
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; |&nbsp;&nbsp;&nbsp; 6 &#43;<br>
&gt;&nbsp; MdeModulePkg/Include/Guid/VarCheckPolicyMmi.h&nbsp;&nbsp;&nbsp;=
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nb=
sp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;=
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nb=
sp;&nbsp;&nbsp; |&nbsp;&nbsp; 54 &#43;<br>
&gt;&nbsp; MdeModulePkg/Include/Library/VariablePolicyHelperLib.h&nbsp;&nb=
sp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;=
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nb=
sp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; |&nbsp; 164 &#43;&#43;<br>
&gt;&nbsp; MdeModulePkg/Include/Library/VariablePolicyLib.h&nbsp;&nbsp;&nb=
sp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;=
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nb=
sp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;=
 |&nbsp; 207 &#43;&#43;<br>
&gt;&nbsp; MdeModulePkg/Include/Protocol/VariablePolicy.h&nbsp;&nbsp;&nbsp=
;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&n=
bsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp=
;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&n=
bsp;&nbsp; |&nbsp; 157 &#43;&#43;<br>
&gt;&nbsp; MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.inf&nb=
sp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;=
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nb=
sp;&nbsp;&nbsp; |&nbsp;&nbsp; 44 &#43;<br>
&gt;&nbsp; MdeModulePkg/Library/VarCheckPolicyLib/VarCheckPolicyLib.uni&nb=
sp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;=
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nb=
sp;&nbsp;&nbsp; |&nbsp;&nbsp; 12 &#43;<br>
&gt;&nbsp; MdeModulePkg/Library/VariablePolicyHelperLib/VariablePolicyHelp=
erLib.inf&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;=
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; |&nbsp;&nbsp; 36 &#43;<br>
&gt;&nbsp; MdeModulePkg/Library/VariablePolicyHelperLib/VariablePolicyHelp=
erLib.uni&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;=
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; |&nbsp;&nbsp; 12 &#43;<br>
&gt;&nbsp; MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.inf&nb=
sp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;=
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nb=
sp;&nbsp;&nbsp; |&nbsp;&nbsp; 44 &#43;<br>
&gt;&nbsp; MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.uni&nb=
sp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;=
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nb=
sp;&nbsp;&nbsp; |&nbsp;&nbsp; 12 &#43;<br>
&gt;&nbsp; MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLibRuntime=
Dxe.inf&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&n=
bsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; |&nbsp;&nbsp; 52 &#43;<br>
&gt;&nbsp; MdeModulePkg/Library/VariablePolicyLib/VariablePolicyUnitTest/V=
ariablePolicyUnitTest.inf |&nbsp;&nbsp; 41 &#43;<br>
&gt;&nbsp; MdeModulePkg/MdeModulePkg.ci.yaml&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;=
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nb=
sp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;=
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nb=
sp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;=
 |&nbsp;&nbsp;&nbsp; 4 &#43;-<br>
&gt;&nbsp; MdeModulePkg/MdeModulePkg.dec&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbs=
p;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&=
nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbs=
p;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&=
nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbs=
p;&nbsp;&nbsp;&nbsp; |&nbsp;&nbsp; 26 &#43;-<br>
&gt;&nbsp; MdeModulePkg/MdeModulePkg.dsc&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbs=
p;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&=
nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbs=
p;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&=
nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbs=
p;&nbsp;&nbsp;&nbsp; |&nbsp;&nbsp; 15 &#43;<br>
&gt;&nbsp; MdeModulePkg/Test/MdeModulePkgHostTest.dsc&nbsp;&nbsp;&nbsp;&nb=
sp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;=
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nb=
sp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;=
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; |&nbsp;&nbsp; 11 &#43;<br>
&gt;&nbsp; MdeModulePkg/Test/ShellTest/VariablePolicyFuncTestApp/Readme.md=
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nb=
sp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;=
 |&nbsp;&nbsp; 55 &#43;<br>
&gt;&nbsp; MdeModulePkg/Test/ShellTest/VariablePolicyFuncTestApp/VariableP=
olicyFuncTestApp.inf&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; |&nbsp;&nbsp; 42 &#43;<b=
r>
&gt;&nbsp; MdeModulePkg/Universal/Variable/RuntimeDxe/VariableRuntimeDxe.i=
nf&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&=
nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; |&nbsp;&n=
bsp;&nbsp; 5 &#43;<br>
&gt;&nbsp; MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmm.inf&nbsp=
;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&n=
bsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp=
;&nbsp;&nbsp;&nbsp;&nbsp; |&nbsp;&nbsp;&nbsp; 4 &#43;<br>
&gt;&nbsp; MdeModulePkg/Universal/Variable/RuntimeDxe/VariableSmmRuntimeDx=
e.inf&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbs=
p;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; |&nbsp;&nbsp; 12 &#43;<b=
r>
&gt;&nbsp; MdeModulePkg/Universal/Variable/RuntimeDxe/VariableStandaloneMm=
.inf&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp=
;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; |&nbsp;&nbsp;&nbsp;=
 4 &#43;<br>
&gt;&nbsp; OvmfPkg/OvmfPkgIa32.dsc&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbs=
p;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&=
nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbs=
p;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&=
nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbs=
p;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; |&nbsp;&nbsp;&nbsp; 8 &#=
43;<br>
&gt;&nbsp; OvmfPkg/OvmfPkgIa32X64.dsc&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&=
nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbs=
p;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&=
nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbs=
p;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&=
nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; |&nbsp;&nbsp;&nbsp; 8 &#43;<br>
&gt;&nbsp; OvmfPkg/OvmfPkgX64.dsc&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp=
;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&n=
bsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp=
;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&n=
bsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp=
;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; |&nbsp;&nbsp;&nbsp;=
 8 &#43;<br>
&gt;&nbsp; SecurityPkg/Library/AuthVariableLib/AuthVariableLib.inf&nbsp;&n=
bsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp=
;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&n=
bsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; |&nbsp;&nbsp;&nbsp; 2 &#43;<br>
&gt;&nbsp; 42 files changed, 7819 insertions(&#43;), 78 deletions(-)<br>
&gt;&nbsp; create mode 100644 MdeModulePkg/Library/VarCheckPolicyLib/VarCh=
eckPolicyLib.c<br>
&gt;&nbsp; create mode 100644 MdeModulePkg/Library/VariablePolicyHelperLib=
/VariablePolicyHelperLib.c<br>
&gt;&nbsp; create mode 100644 MdeModulePkg/Library/VariablePolicyLib/Varia=
blePolicyExtraInitNull.c<br>
&gt;&nbsp; create mode 100644 MdeModulePkg/Library/VariablePolicyLib/Varia=
blePolicyExtraInitRuntimeDxe.c<br>
&gt;&nbsp; create mode 100644 MdeModulePkg/Library/VariablePolicyLib/Varia=
blePolicyLib.c<br>
&gt;&nbsp; create mode 100644 MdeModulePkg/Library/VariablePolicyLib/Varia=
blePolicyUnitTest/VariablePolicyUnitTest.c<br>
&gt;&nbsp; create mode 100644 MdeModulePkg/Test/ShellTest/VariablePolicyFu=
ncTestApp/VariablePolicyFuncTestApp.c<br>
&gt;&nbsp; create mode 100644 MdeModulePkg/Universal/Variable/RuntimeDxe/V=
ariableLockRequstToLock.c<br>
&gt;&nbsp; create mode 100644 MdeModulePkg/Universal/Variable/RuntimeDxe/V=
ariablePolicySmmDxe.c<br>
&gt;&nbsp; create mode 100644 MdeModulePkg/Include/Guid/VarCheckPolicyMmi.=
h<br>
&gt;&nbsp; create mode 100644 MdeModulePkg/Include/Library/VariablePolicyH=
elperLib.h<br>
&gt;&nbsp; create mode 100644 MdeModulePkg/Include/Library/VariablePolicyL=
ib.h<br>
&gt;&nbsp; create mode 100644 MdeModulePkg/Include/Protocol/VariablePolicy=
.h<br>
&gt;&nbsp; create mode 100644 MdeModulePkg/Library/VarCheckPolicyLib/VarCh=
eckPolicyLib.inf<br>
&gt;&nbsp; create mode 100644 MdeModulePkg/Library/VarCheckPolicyLib/VarCh=
eckPolicyLib.uni<br>
&gt;&nbsp; create mode 100644 MdeModulePkg/Library/VariablePolicyHelperLib=
/VariablePolicyHelperLib.inf<br>
&gt;&nbsp; create mode 100644 MdeModulePkg/Library/VariablePolicyHelperLib=
/VariablePolicyHelperLib.uni<br>
&gt;&nbsp; create mode 100644 MdeModulePkg/Library/VariablePolicyLib/Varia=
blePolicyLib.inf<br>
&gt;&nbsp; create mode 100644 MdeModulePkg/Library/VariablePolicyLib/Varia=
blePolicyLib.uni<br>
&gt;&nbsp; create mode 100644 MdeModulePkg/Library/VariablePolicyLib/Varia=
blePolicyLibRuntimeDxe.inf<br>
&gt;&nbsp; create mode 100644 MdeModulePkg/Library/VariablePolicyLib/Varia=
blePolicyUnitTest/VariablePolicyUnitTest.inf<br>
&gt;&nbsp; create mode 100644 MdeModulePkg/Test/ShellTest/VariablePolicyFu=
ncTestApp/Readme.md<br>
&gt;&nbsp; create mode 100644 MdeModulePkg/Test/ShellTest/VariablePolicyFu=
ncTestApp/VariablePolicyFuncTestApp.inf<br>
&gt; <br>
<br>
<br>
<br>
<br>
</div>
</span></font></div>
</body>
</html>

--_000_CY4PR21MB0743A3D89C9BE5668345C254EFBF0CY4PR21MB0743namp_--