From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mga06.intel.com (mga06.intel.com [134.134.136.31]) by mx.groups.io with SMTP id smtpd.web11.97629.1683509380516251724 for ; Sun, 07 May 2023 18:29:40 -0700 Authentication-Results: mx.groups.io; dkim=fail reason="unable to parse pub key" header.i=@intel.com header.s=intel header.b=OVV68ABA; spf=pass (domain: intel.com, ip: 134.134.136.31, mailfrom: jiewen.yao@intel.com) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1683509380; x=1715045380; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-transfer-encoding:mime-version; bh=KQ1N0d/3jTxaQA+uo9QcC+64/gdz5IdtAz4JK/Rnx68=; b=OVV68ABAb0PbxKCK/0Rc4Oeo8dXWk8bh+i0qi/2xJkwQB62SNnsaTXvX UiOscyvj1C1FfFz6Y9ShL5Y3VTWdU51iVG6nbrARRT64hgyh2afGUijns lcxOUdjKOmllYFKDFgZgYM4h1m2iuv6dRMh2YU6tX5EhBfkSajtbT8UZ5 ekZsDVieO+P9gLOoUE29bgOT3pazzK+iG4gL/Gj5Fec/+i0ncfyCndGPE Mt1jNy8LmJBN4+AMOkbcTKu3jANhH/naTotq4P1Szl3xuXYxuLFs5Rn5Q JtRJfWXzRhAV8mZif9yexVFsDBBraI1KP9ybi+YXBPnsa8DEs+s7vahso g==; X-IronPort-AV: E=McAfee;i="6600,9927,10703"; a="412788490" X-IronPort-AV: E=Sophos;i="5.99,258,1677571200"; d="scan'208";a="412788490" Received: from orsmga005.jf.intel.com ([10.7.209.41]) by orsmga104.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 07 May 2023 18:29:39 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=McAfee;i="6600,9927,10703"; a="872605169" X-IronPort-AV: E=Sophos;i="5.99,258,1677571200"; d="scan'208";a="872605169" Received: from fmsmsx601.amr.corp.intel.com ([10.18.126.81]) by orsmga005.jf.intel.com with ESMTP; 07 May 2023 18:29:39 -0700 Received: from fmsmsx610.amr.corp.intel.com (10.18.126.90) by fmsmsx601.amr.corp.intel.com (10.18.126.81) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.23; Sun, 7 May 2023 18:29:39 -0700 Received: from fmsmsx610.amr.corp.intel.com (10.18.126.90) by fmsmsx610.amr.corp.intel.com (10.18.126.90) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.23; Sun, 7 May 2023 18:29:39 -0700 Received: from fmsedg602.ED.cps.intel.com (10.1.192.136) by fmsmsx610.amr.corp.intel.com (10.18.126.90) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.23 via Frontend Transport; Sun, 7 May 2023 18:29:39 -0700 Received: from NAM04-BN8-obe.outbound.protection.outlook.com (104.47.74.48) by edgegateway.intel.com (192.55.55.71) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.1.2507.23; Sun, 7 May 2023 18:29:38 -0700 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=AuXgXKa81JyS2jUnnZzAr5hg7DhrnzYfVzcx61P8QRnQNsdc6hFw4oYpZwRbIzgRDKV6wRUh5R+60qLMpQMhIudSj9liTqpL57+nKeXGI5hwjhM4Ejqj3yc14CqVQtCbgH/f9l+KkalrmUjT6h3cGPW2IXi9e0h9SRcDZUaGAP0dBi97pRlbdGp0zZKerqzWMPFrvKtQhwrYg4JqdDUtLH3YBS8f90hD5WS6SYYavWwkUILkuqshmgxUnvPlBKrgcg31AncbrVYpSklEHX6k5CSvyPAXx84yPOSGgRS7jHArRdJGdB+8tRw5nygKb+yJOVHPelChvZCLiIerK3rjoQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=iPrx4Y7iMxUIj4mN5TQo1W20Qz9R/IC2Ktvi3MQ8DCk=; b=SPpp0aHDbNw31i9IM8YqXeO6+2gkm0z//7FLQuvaJQwBCdfpmgW7RO0m1G9frXMtDuc2CqfF1SaMa5f4UpaRoFHvx5ff/UTU0oSiErhS8Q+5wR2Vmr0yolYcovlG2tft0RVtLOrrnZ0KBb17CcY/ueOgY5sMpgqw/6lkYexEj7RLIzF7LENkEzeax9g/IYgYdTjzwlRunlg0JEZqlMJweqxINlvaGcNfUryOO9KukFBml5pXXD58bQzGylZUt1eBmpOPOn6QczQRZUuDiUyixnTfvBDdgqTwWFCHT89rFS3Nb5iKb71MNDQZ176roW4cl0obO9SHpDkPLahZePl1hg== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=intel.com; dmarc=pass action=none header.from=intel.com; dkim=pass header.d=intel.com; arc=none Received: from MW4PR11MB5872.namprd11.prod.outlook.com (2603:10b6:303:169::14) by MN0PR11MB6086.namprd11.prod.outlook.com (2603:10b6:208:3ce::11) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6363.27; Mon, 8 May 2023 01:29:36 +0000 Received: from MW4PR11MB5872.namprd11.prod.outlook.com ([fe80::48e9:aeb0:c365:388]) by MW4PR11MB5872.namprd11.prod.outlook.com ([fe80::48e9:aeb0:c365:388%6]) with mapi id 15.20.6363.032; Mon, 8 May 2023 01:29:35 +0000 From: "Yao, Jiewen" To: "Liu, Linus" , "devel@edk2.groups.io" CC: FST-FIR-PRC , FST FIR Server , "Chu, Maggie" Subject: Re: [edk2-devel] [PATCH] Securitypkg/hddpassword: Update HddPasswordDxeInit to use Variable Policy Thread-Topic: [edk2-devel] [PATCH] Securitypkg/hddpassword: Update HddPasswordDxeInit to use Variable Policy Thread-Index: AQHZbFwCEyp1DQojiUOhgZhU7VP89a9HSFQQgACNz0CAAAvGMIABu1PQgAFQMhCAAG/OsIAEW4cggAAGp7A= Date: Mon, 8 May 2023 01:29:35 +0000 Message-ID: References: <20230411095524.1668-1-linus.liu@intel.com> <175C15AECAAF6F6F.898@groups.io> In-Reply-To: Accept-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=intel.com; x-ms-publictraffictype: Email x-ms-traffictypediagnostic: MW4PR11MB5872:EE_|MN0PR11MB6086:EE_ x-ms-office365-filtering-correlation-id: 6261b640-8b6a-476f-a553-08db4f63aef5 x-ms-exchange-senderadcheck: 1 x-ms-exchange-antispam-relay: 0 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: pLxrun05OZ8LR7w994aBK1mNKKV5kzOW21plrQZogCw6cwdjGTVZIOrXPXG2p4skP7DFGJLH2dMA5t7dIAwjmaeAVac/jzAlUUkjIYeqOKJrOPLSbzctK9/63hG8RQ9/KTYRg3T9xHJT7mETLko+C1SSl+Y54c71YJbUxYQt445EyPGd87zu/h8u+34fy/dgEXj9HRt8ohloSa4qJj/lhr57biu93jSIORvX/Re6J/ClT8OJEOw7RFs3sQFtT+17lYM0EcAuZ43W10ZoLnH2lH7HTBQHRSOdESdbVOSrVJ27wLxvajWOu4LmrFkfYQnhNrvMFjACTXuEr/QlvYOOw00TZCAODDXqtdsLb9VG6m8bFbCIdCjqH7QpEzfBp9+cMgHGezGi0o4qwKVsWvpSor0GQHmEm9+f3jwZhpLbfme/clJRZ9krahq5P+6QHmlFCpRwslnikyCYVjpbRMpCnoD0Qfnh2TejRe2t1JNeUVdq8RXiTyrMdqsx8oGk82z1F5zdfPwebbeAT4w+eR40dbxoM/vYNUCOzSODqlVtzU4bZFnVCoOTWsUkE4OgWOLDeiHTIIJ1qKIG7WUaQz8Mm5Mb0AQftFCnZKGgOJKk0zeLTVnSdJuJ/EXv7Dy6ddIk89aCBDbz3IYbTHF7kDrL9w== x-forefront-antispam-report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:MW4PR11MB5872.namprd11.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230028)(136003)(366004)(376002)(346002)(39860400002)(396003)(451199021)(33656002)(86362001)(71200400001)(966005)(316002)(54906003)(110136005)(4326008)(66946007)(76116006)(66556008)(64756008)(7696005)(66446008)(66476007)(478600001)(55016003)(15650500001)(8676002)(41300700001)(2906002)(5660300002)(52536014)(30864003)(8936002)(186003)(82960400001)(38100700002)(38070700005)(122000001)(6506007)(9686003)(26005)(53546011)(107886003)(83380400001)(66899021);DIR:OUT;SFP:1102; x-ms-exchange-antispam-messagedata-chunkcount: 1 x-ms-exchange-antispam-messagedata-0: =?us-ascii?Q?24PFJivQIbw3fX6C3/Lb9G22fSX8fZqpLS/QbA/3OC5p00xkKxaNInQT0M5s?= =?us-ascii?Q?nvTto7QT+LoG4cz4EayhpnBRB9pdXtdauLVsUSyLvvF4B9gwQmLE1CmvmIdb?= =?us-ascii?Q?PFcGvqfBEOJRq1Oeuh04gx9izX1QC3rolv/IELSmbdOTcaH44qGB1osKE0JF?= =?us-ascii?Q?YDJSTu5w4yEYdM5ixiMQlALsC02jBAWbJ8cz+9kwkGLLHrojOV5R4BXYDkmy?= =?us-ascii?Q?bKmwfPL9gV0MBsHC78Ry4sYR3g2g6ke0JIb23YsoHzndq0+ZzYBttWEUF5kw?= =?us-ascii?Q?kZZDirMnQbArLKDqIImca6SJuCcMlhy86RoowiYY881XVZ+gVf721D1NRPu4?= =?us-ascii?Q?3iYiPbZkRjgUu3WYC76P8BF9p5l6pcwtgK1Kqajz2rEHinUOVtiKVeDjS1D+?= =?us-ascii?Q?soz1MVf/cVnZE30An+SXEBif55pxrWw82m5SOPCh1NHEmTzlmPMqc8B0WxUO?= =?us-ascii?Q?L3pB9MqVk9ZJtSYo8keX9fPWGfiW9cXZIh2tRmsx+3d0qk+NIPTQhEI7IHEE?= =?us-ascii?Q?bddKjkpLmLh95ZnD9UssRuMNfQO+qTvVmUh4ezke52Dxr9H5kNIRoibGeMQ/?= =?us-ascii?Q?aj6jPaDfi6bgXfAnOS/yLf/2Ip1PfkvV7TgUYT/gV8xGZcmu4ht+wHdW5j6Y?= =?us-ascii?Q?hzpMOOdKaILCXSnmeVyl9I9ZGIMoY+qdfVdEt+4bhKJL5+R4KrMsf005CR5Y?= =?us-ascii?Q?MtZTbhVs4cZ5XEnaOK4IUkxJ1vmKbQ9WiFi8o/4aehU3aWI5o0hY8QN/wn1K?= =?us-ascii?Q?Q3wD6x9Bn4FeaYRtn9LykIv4Ms9gC4epf31X6+ldL3CiDKlJm3uPg9kxYIKO?= =?us-ascii?Q?Urr/4Eqzp6Ssr5mzKI67SnUNKlG7mJ15e82Ivd1Ab4DciVKpW1Ovq1LSQvtx?= =?us-ascii?Q?zPmkpuM67BKtrm6NTpGarfBMKT1UWXJDGKEtSXLd460RlVNB8GBHGZGHw2ZR?= =?us-ascii?Q?Ti1Xg6TZqZ2BXMgEt5pNq9VJjva2yAJxPbHYRBB6FGfrEHFlooqsp2wqJeXx?= =?us-ascii?Q?9Mg6Wlg1DrzhBoRjXS2e5UMIXI98qAB5IDZDaygKvhapZoCYqL6gi9EZGMzj?= =?us-ascii?Q?UY0Ts/uKaoeEWazsWcqraCl75xf5JPpVgSg3UZFiejAKk4W7HVJwIpHT/ALd?= =?us-ascii?Q?RL91Lp9ce8d9wGwK3p21Y/3ILl0/UOS4jzYoJtEt/u3eKBR3KIwfccE3MhoC?= =?us-ascii?Q?vDOvFfuilT7WD1qxb1OQboO2mUjGmK6CI4Y6O3eka1ny9/GYMBAvdcmvdpEy?= =?us-ascii?Q?MLL0IKhAp4YxYm3hV2jvoWodY/9c/dsSJ+RacbexfpLXgnt1JU7Ul4NRdJfK?= =?us-ascii?Q?oHohXWLipkFSUV/Xe082eL9ZHh2b3PugtwwPLlosHAC5R3Rg19G2cqNL//Z0?= =?us-ascii?Q?momovmSk7ySiwuEIEbG2JaEfvbWV6WLKS9eDsw3jtegNXIid4ZRtVzCTfLX6?= =?us-ascii?Q?jgVrRBnLqzCOe1121UIR1vgY0H2xG+oPIpDxamB74OXnYVIGg8xs/ufkh21p?= =?us-ascii?Q?LmCxiwvkwDgu5pgPYikY6YJTZOeR+atNwurDcenaLV8Y+at8LZv+HR+r+r0H?= =?us-ascii?Q?42gSFf4fu0WSEyX3Oc/gPq4UGtJCgpK2GcdHhHVF?= MIME-Version: 1.0 X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-AuthSource: MW4PR11MB5872.namprd11.prod.outlook.com X-MS-Exchange-CrossTenant-Network-Message-Id: 6261b640-8b6a-476f-a553-08db4f63aef5 X-MS-Exchange-CrossTenant-originalarrivaltime: 08 May 2023 01:29:35.8458 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 46c98d88-e344-4ed4-8496-4ed7712e255d X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: +/UifvNmp67ECZBDIZfyNazzT/4xJNKFr42lvX8h/peGP4Go4oIeUWZ4c4TMA0BweJe1gQLa+gpFW0KGJWhlow== X-MS-Exchange-Transport-CrossTenantHeadersStamped: MN0PR11MB6086 Return-Path: jiewen.yao@intel.com X-OriginatorOrg: intel.com Content-Language: en-US Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable https://github.com/tianocore/edk2/pull/4264 is from last month and it is ou= t of date. https://github.com/tianocore/edk2/pull/4334 failed in latest branch. Please try it again. Also, I see you always use [V1] in the patch title. That is very confusing. Please use V2, V3, etc whenever you send a new patch. Thank you Yao, Jiewen > -----Original Message----- > From: Liu, Linus > Sent: Monday, May 8, 2023 9:09 AM > To: Yao, Jiewen ; devel@edk2.groups.io > Cc: FST-FIR-PRC ; FST FIR Server > ; Chu, Maggie > Subject: RE: [edk2-devel] [PATCH] Securitypkg/hddpassword: Update > HddPasswordDxeInit to use Variable Policy >=20 > Hi Jiewen > I did. > https://github.com/tianocore/edk2/pull/4264 >=20 > I think you used the previous patch. I've attached the latest patch. > Please help to check this . >=20 > Thanks. >=20 >=20 > -----Original Message----- > From: Yao, Jiewen > Sent: Friday, May 5, 2023 2:30 PM > To: devel@edk2.groups.io; Yao, Jiewen ; Liu, Linus > > Cc: FST-FIR-PRC ; FST FIR Server > ; Chu, Maggie > Subject: RE: [edk2-devel] [PATCH] Securitypkg/hddpassword: Update > HddPasswordDxeInit to use Variable Policy >=20 > It seems CI failure - https://github.com/tianocore/edk2/pull/4334 >=20 > Have you run CI before? >=20 >=20 >=20 > > -----Original Message----- > > From: devel@edk2.groups.io On Behalf Of Yao, > > Jiewen > > Sent: Friday, May 5, 2023 7:50 AM > > To: Liu, Linus ; devel@edk2.groups.io > > Cc: FST-FIR-PRC ; FST FIR Server > > ; Chu, Maggie > > Subject: Re: [edk2-devel] [PATCH] Securitypkg/hddpassword: Update > > HddPasswordDxeInit to use Variable Policy > > > > Sounds good. Thank you very much! > > > > Reviewed-by: Jiewen Yao > > > > > -----Original Message----- > > > From: Liu, Linus > > > Sent: Thursday, May 4, 2023 11:51 AM > > > To: Yao, Jiewen ; devel@edk2.groups.io > > > Cc: FST-FIR-PRC ; FST FIR Server > > > ; Chu, Maggie > > > Subject: RE: [PATCH] Securitypkg/hddpassword: Update > > HddPasswordDxeInit > > > to use Variable Policy > > > > > > Hi Jieewn > > > Please refer the below reply. > > > > > > Have you done any function test? For example: > > > 1) The HDD password feature still works? > > > Linus : yes , HDD password feature still works. > > > > > > 2) The variable is really locked? > > > Linus : I've tried using dmpstore command to write HDDPassword in > > > UEFI Shell. Can't override it. > > > > > > Please refer to the below log. > > > [2023-05-04 11:42:11.046] FS1:\> dmpstore -guid 737cded7-448b-4801- > > > b57d-b19483ec606F -s HDDHDDPwd.txt > > > [2023-05-04 11:42:18.835] Save variable to file: HDDPwd.txt. > > > [2023-05-04 11:42:18.909] Variable NV+BS '737CDED7-448B-4801-B57D- > > > B19483EC606F:HddPassword' DataSize =3D 0x48 > > > [2023-05-04 11:42:42.859] Load and set variables from file: HDDPwd.tx= t. > > > [2023-05-04 11:42:42.934] Variable NV+BS '737CDED7-448B-4801-B57D- > > > B19483EC606F:HddPassword' DataSize =3D 0x48 > > > [2023-05-04 11:42:43.082] dmpstore: Failed to set variable HddPasswor= d: > > > Write Protected. > > > > > > > > > Thanks. > > > > > > -----Original Message----- > > > From: Yao, Jiewen > > > Sent: Wednesday, May 3, 2023 9:21 AM > > > To: Liu, Linus ; devel@edk2.groups.io > > > Cc: FST-FIR-PRC ; FST FIR Server > > > ; Chu, Maggie > > > Subject: RE: [PATCH] Securitypkg/hddpassword: Update > > HddPasswordDxeInit > > > to use Variable Policy > > > > > > That only proves that you did change the interface. But that cannot > > > prove you change it right. > > > > > > Have you done any function test? For example: > > > 1) The HDD password feature still works? > > > 2) The variable is really locked? > > > > > > > > > > -----Original Message----- > > > > From: Liu, Linus > > > > Sent: Wednesday, May 3, 2023 8:40 AM > > > > To: Yao, Jiewen ; devel@edk2.groups.io > > > > Cc: FST-FIR-PRC ; FST FIR Server > > > > ; Chu, Maggie > > > > Subject: RE: [PATCH] Securitypkg/hddpassword: Update > > > > HddPasswordDxeInit to use Variable Policy > > > > > > > > Hi Jiewen > > > > I add this patch into MTLS platform and collect the log. > > > > The below is before adding patch and after adding patch. There is > > > > no warring message. > > > > > > > > > > > > Before > > > > > > > > InstallProtocolInterface: 09576E91-6D3F-11D2-8E39-00A0C969723B > > > > 67E4C490 > > > > InstallProtocolInterface: 330D4706-F2A0-4E4F-A369-B66FA8D54385 > > > > 68180030 > > > > !!! DEPRECATED INTERFACE !!! VariableLockRequestToLock() will go > > away > > > > soon! > > > > !!! DEPRECATED INTERFACE !!! Please move to use Variable Policy! > > > > !!! DEPRECATED INTERFACE !!! Variable: 737CDED7-448B-4801-B57D- > > > > B19483EC606F HddPassword > > > > HddPasswordDxeInit(): Lock HddPassword variable (Success) > > > > > > > > > > > > After > > > > > > > > InstallProtocolInterface: 09576E91-6D3F-11D2-8E39-00A0C969723B > > > > 67EA1370 > > > > InstallProtocolInterface: 330D4706-F2A0-4E4F-A369-B66FA8D54385 > > > > 68153DB0 > > > > HddPasswordDxeInit(): Lock HddPassword variable (Success) > > > > > > > > > > > > Thanks > > > > > > > > > > > > > > > > -----Original Message----- > > > > From: Yao, Jiewen > > > > Sent: Wednesday, May 3, 2023 12:11 AM > > > > To: Liu, Linus ; devel@edk2.groups.io > > > > Cc: FST-FIR-PRC ; FST FIR Server > > > > ; Chu, Maggie > > > > Subject: RE: [PATCH] Securitypkg/hddpassword: Update > > > > HddPasswordDxeInit to use Variable Policy > > > > > > > > Thanks. The patch loos good to me. > > > > > > > > Would you please share with us, how you validate the patch? > > > > > > > > > > > > > > > > > -----Original Message----- > > > > > From: Liu, Linus > > > > > Sent: Tuesday, April 11, 2023 5:55 PM > > > > > To: devel@edk2.groups.io > > > > > Cc: Yao, Jiewen ; FST-FIR-PRC > > > > prc@intel.com>; FST FIR Server ; Chu, > > > > > Maggie > > > > > Subject: [PATCH] Securitypkg/hddpassword: Update > > HddPasswordDxeInit > > > > to > > > > > use Variable Policy > > > > > > > > > > REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3D4408 > > > > > > > > > > Change-Id: I3c4b466ef318766d6d70c9f73e36b94b5f10832c > > > > > Cc: Jiewen Yao > > > > > Cc: FST-FIR-PRC > > > > > Cc: FST FIR Server C > > > > > Cc: Maggie Chu > > > > > Signed-off-by: Linus Liu > > > > > --- > > > > > SecurityPkg/HddPassword/HddPasswordDxe.c | 16 +++++++++++---- > - > > > > > SecurityPkg/HddPassword/HddPasswordDxe.h | 1 - > > > > > SecurityPkg/HddPassword/HddPasswordDxe.inf | 3 ++- > > > > > SecurityPkg/SecurityPkg.dsc | 1 + > > > > > 4 files changed, 14 insertions(+), 7 deletions(-) > > > > > > > > > > diff --git a/SecurityPkg/HddPassword/HddPasswordDxe.c > > > > > b/SecurityPkg/HddPassword/HddPasswordDxe.c > > > > > index a1a63b67a4..c20fdbe83f 100644 > > > > > --- a/SecurityPkg/HddPassword/HddPasswordDxe.c > > > > > +++ b/SecurityPkg/HddPassword/HddPasswordDxe.c > > > > > @@ -9,6 +9,7 @@ > > > > > **/ > > > > > > > > > > > > > > > > > > > > #include "HddPasswordDxe.h" > > > > > > > > > > +#include > > > > > > > > > > > > > > > > > > > > EFI_GUID mHddPasswordVendorGuid =3D > > > > > HDD_PASSWORD_CONFIG_GUID; > > > > > > > > > > CHAR16 mHddPasswordVendorStorageName[] =3D > > > > > L"HDD_PASSWORD_CONFIG"; > > > > > > > > > > @@ -2822,7 +2823,7 @@ HddPasswordDxeInit ( > > > > > HDD_PASSWORD_DXE_PRIVATE_DATA *Private; > > > > > > > > > > VOID *Registration; > > > > > > > > > > EFI_EVENT EndOfDxeEvent; > > > > > > > > > > - EDKII_VARIABLE_LOCK_PROTOCOL *VariableLock; > > > > > > > > > > + EDKII_VARIABLE_POLICY_PROTOCOL *VariablePolicy; > > > > > > > > > > > > > > > > > > > > Private =3D NULL; > > > > > > > > > > > > > > > > > > > > @@ -2858,12 +2859,17 @@ HddPasswordDxeInit ( > > > > > // > > > > > > > > > > // Make HDD_PASSWORD_VARIABLE_NAME variable read-only. > > > > > > > > > > // > > > > > > > > > > - Status =3D gBS->LocateProtocol > > > > > (&gEdkiiVariableLockProtocolGuid, NULL, (VOID **)&VariableLock); > > > > > > > > > > + Status =3D gBS->LocateProtocol > > > > > + (&gEdkiiVariablePolicyProtocolGuid, > > > > > + NULL, > > > > > (VOID **)&VariablePolicy); > > > > > > > > > > if (!EFI_ERROR (Status)) { > > > > > > > > > > - Status =3D VariableLock->RequestToLock ( > > > > > > > > > > - VariableLock, > > > > > > > > > > + Status =3D RegisterBasicVariablePolicy ( > > > > > > > > > > + VariablePolicy, > > > > > > > > > > + &mHddPasswordVendorGuid, > > > > > > > > > > HDD_PASSWORD_VARIABLE_NAME, > > > > > > > > > > - &mHddPasswordVendorGuid > > > > > > > > > > + VARIABLE_POLICY_NO_MIN_SIZE, > > > > > > > > > > + VARIABLE_POLICY_NO_MAX_SIZE, > > > > > > > > > > + VARIABLE_POLICY_NO_MUST_ATTR, > > > > > > > > > > + VARIABLE_POLICY_NO_CANT_ATTR, > > > > > > > > > > + VARIABLE_POLICY_TYPE_LOCK_NOW > > > > > > > > > > ); > > > > > > > > > > DEBUG ((DEBUG_INFO, "%a(): Lock %s variable (%r)\n", > > > > > __FUNCTION__, HDD_PASSWORD_VARIABLE_NAME, Status)); > > > > > > > > > > ASSERT_EFI_ERROR (Status); > > > > > > > > > > diff --git a/SecurityPkg/HddPassword/HddPasswordDxe.h > > > > > b/SecurityPkg/HddPassword/HddPasswordDxe.h > > > > > index 231533e737..049a208794 100644 > > > > > --- a/SecurityPkg/HddPassword/HddPasswordDxe.h > > > > > +++ b/SecurityPkg/HddPassword/HddPasswordDxe.h > > > > > @@ -17,7 +17,6 @@ > > > > > #include > > > > > > > > > > #include > > > > > > > > > > #include > > > > > > > > > > -#include > > > > > > > > > > > > > > > > > > > > #include > > > > > > > > > > #include > > > > > > > > > > diff --git a/SecurityPkg/HddPassword/HddPasswordDxe.inf > > > > > b/SecurityPkg/HddPassword/HddPasswordDxe.inf > > > > > index 06e8755ffc..2c0ebbcc78 100644 > > > > > --- a/SecurityPkg/HddPassword/HddPasswordDxe.inf > > > > > +++ b/SecurityPkg/HddPassword/HddPasswordDxe.inf > > > > > @@ -50,6 +50,7 @@ > > > > > PrintLib > > > > > > > > > > UefiLib > > > > > > > > > > LockBoxLib > > > > > > > > > > + VariablePolicyHelperLib > > > > > > > > > > S3BootScriptLib > > > > > > > > > > PciLib > > > > > > > > > > BaseCryptLib > > > > > > > > > > @@ -63,7 +64,7 @@ > > > > > gEfiHiiConfigAccessProtocolGuid ## PRODUCES > > > > > > > > > > gEfiAtaPassThruProtocolGuid ## CONSUMES > > > > > > > > > > gEfiPciIoProtocolGuid ## CONSUMES > > > > > > > > > > - gEdkiiVariableLockProtocolGuid ## CONSUMES > > > > > > > > > > + gEdkiiVariablePolicyProtocolGuid ## CONSUMES > > > > > > > > > > > > > > > > > > > > [Pcd] > > > > > > > > > > gEfiSecurityPkgTokenSpaceGuid.PcdSkipHddPasswordPrompt ## > > > > CONSUMES > > > > > > > > > > diff --git a/SecurityPkg/SecurityPkg.dsc > > > > > b/SecurityPkg/SecurityPkg.dsc index 3bad5375c0..3c62205162 > > > > > 100644 > > > > > --- a/SecurityPkg/SecurityPkg.dsc > > > > > +++ b/SecurityPkg/SecurityPkg.dsc > > > > > @@ -74,6 +74,7 @@ > > > > > > > > > > > > PlatformPKProtectionLib|SecurityPkg/Library/PlatformPKProtectionLibV > > > > > PlatformPKProtectionLib|ar > > > > > PlatformPKProtectionLib|Po > > > > > licy/PlatformPKProtectionLibVarPolicy.inf > > > > > > > > > > > > > > > > > SecureBootVariableProvisionLib|SecurityPkg/Library/SecureBootVariabl > > > > > SecureBootVariableProvisionLib|eP ro > > > > > visionLib/SecureBootVariableProvisionLib.inf > > > > > > > > > > TdxLib|MdePkg/Library/TdxLib/TdxLib.inf > > > > > > > > > > + > > > > > > > VariablePolicyHelperLib|MdeModulePkg/Library/VariablePolicyHelperLib > > > > > VariablePolicyHelperLib|/V > > > > > VariablePolicyHelperLib|ar > > > > > iablePolicyHelperLib.inf > > > > > > > > > > > > > > > > > > > > [LibraryClasses.ARM, LibraryClasses.AARCH64] > > > > > > > > > > # > > > > > > > > > > -- > > > > > 2.33.1.windows.1 > > > > > > > >=20 > >