From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from mga03.intel.com (mga03.intel.com [134.134.136.65])
 by mx.groups.io with SMTP id smtpd.web11.20882.1683268235389532049
 for <devel@edk2.groups.io>;
 Thu, 04 May 2023 23:30:35 -0700
Authentication-Results: mx.groups.io;
 dkim=fail reason="unable to parse pub key" header.i=@intel.com header.s=intel header.b=Yq2wwnl3;
 spf=pass (domain: intel.com, ip: 134.134.136.65, mailfrom: jiewen.yao@intel.com)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple;
  d=intel.com; i=@intel.com; q=dns/txt; s=Intel;
  t=1683268235; x=1714804235;
  h=from:to:cc:subject:date:message-id:references:
   in-reply-to:content-transfer-encoding:mime-version;
  bh=8VkxQ1R4GrArrzQRpdGFa806UgZvxJZ9DdwO9sOPIMM=;
  b=Yq2wwnl3QB+COG/RXTHRR4tu5nAyVCsDteoU5WmUPt/b1uFB69Xpmph4
   8pXk11+L6Fz0A8b0WWdJ2nXGjln57mLpoGa8pI8/uVm6Vq48Lr8NBIhUD
   zZA+zGyckMCwQOBzqfpKJZVlHsFh/ndNg1oMwn59J3LwerOcVgY7mY/45
   B/Es5ycbpn+xIHUCNIahQMQvIo0EgdAN9lRQsa+uzM0bpN09lbm5OfG/t
   o8eMdFv9YENCKQwYs+AqCmWE7pxZE+9llbVuwRJj7b9yIr0E377k2IyAj
   7YJBvkVY6zfi/4j944nD2mWMmxWuXd8AifBmNAKhm/M9TQKufzcpWqGPl
   A==;
X-IronPort-AV: E=McAfee;i="6600,9927,10700"; a="352183232"
X-IronPort-AV: E=Sophos;i="5.99,251,1677571200"; 
   d="scan'208";a="352183232"
Received: from fmsmga001.fm.intel.com ([10.253.24.23])
  by orsmga103.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 04 May 2023 23:30:35 -0700
X-ExtLoop1: 1
X-IronPort-AV: E=McAfee;i="6600,9927,10700"; a="841560586"
X-IronPort-AV: E=Sophos;i="5.99,251,1677571200"; 
   d="scan'208";a="841560586"
Received: from orsmsx602.amr.corp.intel.com ([10.22.229.15])
  by fmsmga001.fm.intel.com with ESMTP; 04 May 2023 23:30:34 -0700
Received: from orsmsx610.amr.corp.intel.com (10.22.229.23) by
 ORSMSX602.amr.corp.intel.com (10.22.229.15) with Microsoft SMTP Server
 (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id
 15.1.2507.23; Thu, 4 May 2023 23:30:34 -0700
Received: from orsmsx603.amr.corp.intel.com (10.22.229.16) by
 ORSMSX610.amr.corp.intel.com (10.22.229.23) with Microsoft SMTP Server
 (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id
 15.1.2507.23; Thu, 4 May 2023 23:30:33 -0700
Received: from orsedg603.ED.cps.intel.com (10.7.248.4) by
 orsmsx603.amr.corp.intel.com (10.22.229.16) with Microsoft SMTP Server
 (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id
 15.1.2507.23 via Frontend Transport; Thu, 4 May 2023 23:30:33 -0700
Received: from NAM04-DM6-obe.outbound.protection.outlook.com (104.47.73.41) by
 edgegateway.intel.com (134.134.137.100) with Microsoft SMTP Server
 (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
 15.1.2507.23; Thu, 4 May 2023 23:30:31 -0700
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;
 b=F+OhTxqsakzNt5YA/8n9/SWhcxVuX47WCEfP6LpktK51jgBJRgikhaOdj/Ql5yk4exFXhx4Vncn7Ft0PFLu9KXR07sRdrT5QN4pdNNWpjbAnt9R7fu2ZOQCPlI3br5Ox2IjKr7IjB597ku4O4jK8rumgEdh3Ccd862eP7rssQSNG/JFTlLaKTc0wUm220IFHjSuRqGQLESFXjf0Zg7D5znz+YmruwLLrZrD92cH9EV7kio/tI91NGqa7FccAQiYGb+olW+m3u8tBew4sZ0DzZZxSL8dGdbCPjBP2ovn0RIMnM0Olgrz9cmZM+5tOJMDXlOzeTLoCNEbJ2zRJk+w+Zw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
 s=arcselector9901;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;
 bh=QYqohCsDbbmuQwX3MMHiMJi636swB/1ELA7cNNDjpcY=;
 b=SLvEAxjptMe3NpwD8rDgTTu3ZcFVJUMUIA+iW9Bafe8Oi4tQrVN+b+pp1ZCxKPaU6KLHhsLIo7DcJBNzgrAW8AZQaqCzdNmM8c/lTdjgzV7mrt7bAZzC+KRetVRhXf1px5dxoG6lop4lyhoQ9wvAZ/X2WvyFW6/SBIr73poAWD8Fd7jHRkkI3BZC1rFRA3QeS5ZlpKd2LrdhiQso3jj1QqM6KZH+rxX6pFWADqwzkeJw3YTSo1Q3BvGF8GzqC5pEpAjiVInLqBRrYsOvIv5YFrC/k80ciQTcqehj3ItqBIWMeCM7pojJ0z8H0MJHAJ6hfxqFL2KQHbPfSiVY++09Gw==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass
 smtp.mailfrom=intel.com; dmarc=pass action=none header.from=intel.com;
 dkim=pass header.d=intel.com; arc=none
Received: from MW4PR11MB5872.namprd11.prod.outlook.com (2603:10b6:303:169::14)
 by SA1PR11MB6870.namprd11.prod.outlook.com (2603:10b6:806:2b4::16) with
 Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6363.26; Fri, 5 May
 2023 06:30:23 +0000
Received: from MW4PR11MB5872.namprd11.prod.outlook.com
 ([fe80::48e9:aeb0:c365:388]) by MW4PR11MB5872.namprd11.prod.outlook.com
 ([fe80::48e9:aeb0:c365:388%6]) with mapi id 15.20.6363.026; Fri, 5 May 2023
 06:30:23 +0000
From: "Yao, Jiewen" <jiewen.yao@intel.com>
To: "devel@edk2.groups.io" <devel@edk2.groups.io>, "Yao, Jiewen"
	<jiewen.yao@intel.com>, "Liu, Linus" <linus.liu@intel.com>
CC: FST-FIR-PRC <fst-fir-prc@intel.com>, FST FIR Server
	<fst.fir.server@intel.com>, "Chu, Maggie" <maggie.chu@intel.com>
Subject: Re: [edk2-devel] [PATCH] Securitypkg/hddpassword: Update HddPasswordDxeInit to use Variable Policy
Thread-Topic: [edk2-devel] [PATCH] Securitypkg/hddpassword: Update
 HddPasswordDxeInit to use Variable Policy
Thread-Index: AQHZbFwCEyp1DQojiUOhgZhU7VP89a9HSFQQgACNz0CAAAvGMIABu1PQgAFQMhCAAG/OsA==
Date: Fri, 5 May 2023 06:30:23 +0000
Message-ID: <MW4PR11MB5872B7E82B7A3147BC3641DE8C729@MW4PR11MB5872.namprd11.prod.outlook.com>
References: <20230411095524.1668-1-linus.liu@intel.com>
 <MW4PR11MB587282D17F261BBF85E682168C6F9@MW4PR11MB5872.namprd11.prod.outlook.com>
 <PH7PR11MB58886E2B2CFAC29E774D9A62FC6C9@PH7PR11MB5888.namprd11.prod.outlook.com>
 <MW4PR11MB58724B87C8FC4589D028B30C8C6C9@MW4PR11MB5872.namprd11.prod.outlook.com>
 <PH7PR11MB588843006A63AFD5518B8C03FC6D9@PH7PR11MB5888.namprd11.prod.outlook.com>
 <175C15AECAAF6F6F.898@groups.io>
In-Reply-To: <175C15AECAAF6F6F.898@groups.io>
Accept-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
authentication-results: dkim=none (message not signed)
 header.d=none;dmarc=none action=none header.from=intel.com;
x-ms-publictraffictype: Email
x-ms-traffictypediagnostic: MW4PR11MB5872:EE_|SA1PR11MB6870:EE_
x-ms-office365-filtering-correlation-id: 73cc2ae9-2f50-4c0c-cf4c-08db4d3234ce
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: x7WJ2TjxKx+Necjw4hZul8U8W2qbqbnBrCpHxpcfohRVWVFAJyOiEx4E0tyu22TyZr9sshDyI/LTY1lawiGiPQ+hqgGoYhOX/sZyXbPoS4GoNE0Y7vsZc7CjR41i8fREdi/aX8SttJipyuv9HbIUE+Tuef8pf/ceFJZ9l9oM+wU4Se9GmdQ/OoSVuvmSQYELIIjt1k0msKZZtnEVqRdnRzQdkDeKFXO/XllS1+tahZTZQNcQ20d2Ou/fR6HY2QcUBs1bpBkL8h8GX3AiRSNGwcg8TnwqNdsiNU1aYfYrfbhqUIMqNmZzD9J+bkZAu6HpNak7FDgxzlPAxXF/ZSLsjW4+ATva+85lOZEJag+4wtx5f1bYz5PnCGhD6XK7ODc5ayzOPxDXzG74v+T1TRLmKuKn8Dtmp6POHBVYL8dlkwj6JQjOxgElLAbeQiSUr/CLf/5Mu0j4g4t7j8SMRiQmM1A6TWj8vc0ls8253l6M+Koyit0tRm4NrGftaT1KOHOYMdUREycBP+O5NLiKOpHBmQ9RTvSayOWY0q0qiM2uNHxT1pxYhHdDg8ikRz0EhQde5Hs51n8fVjim0jQMlp1W933SHQTLHjScylD3YGi2444ppo0TMBc/RCd5SctyI/ukJi2Qz8Mr5WlLX5LK19p9pQ==
x-forefront-antispam-report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:MW4PR11MB5872.namprd11.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230028)(136003)(39860400002)(396003)(366004)(376002)(346002)(451199021)(5660300002)(54906003)(478600001)(110136005)(7696005)(71200400001)(15650500001)(41300700001)(8676002)(8936002)(2906002)(966005)(316002)(6506007)(30864003)(107886003)(66899021)(9686003)(64756008)(4326008)(6636002)(66946007)(52536014)(66476007)(76116006)(66556008)(66446008)(53546011)(33656002)(186003)(86362001)(38070700005)(38100700002)(82960400001)(55016003)(122000001)(83380400001);DIR:OUT;SFP:1102;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: =?us-ascii?Q?iLh3FE3PaHDhO5PU19GiHd8DeYk7NVy0Id1mnDAa6Lck4MU4YyCo23Ei3B2Q?=
 =?us-ascii?Q?BwjL9RlDZRKNVRigCl7ExDrTqQg951OHhvWBo6QDrCmACMEjh8eD9ToJELMN?=
 =?us-ascii?Q?DArqquEefc8Z93fxtcMYUD2ohNaAumBZOWSXn2oRdGyOTKb51ABJPk5X0E0N?=
 =?us-ascii?Q?HDboOWlkSXwC6/2krL9vpJR0brKi5kI4dTEICbQz+I/fyg6oRhm7R1p2uT7p?=
 =?us-ascii?Q?/tYd7QSdsRGMy86HvDpfuSMNlQ81R9NFxcmaj8KJcDW/Q1xKIEQidLP98/ps?=
 =?us-ascii?Q?m27DovZ9hiJ6dERGZ9LvdRiKsHAFHvcxNGSEt8Cr5FNhBYofM5i5ccLQVjlr?=
 =?us-ascii?Q?afMgK6eTaAuRo9J2JLYG97s4fk2kAiVD29uMeMtkVmjbIgva3Oj+V0zuFror?=
 =?us-ascii?Q?E3KeBLLTlMvDkJptxvkaoL+cUY1RzQ5+gABiIppeNNOvkG2bgNnEdJz/Mg9C?=
 =?us-ascii?Q?e8tTGHmWXEEUDwGE8OyGpeqSSm140qLD55qhykYNfNfiBHCWUi6QD+gkizOU?=
 =?us-ascii?Q?+BcQgc26EZp6ACwYMaCWPgw17IvFRmVMSx1J0Xn6xGFnmHxxrx04P3sQfJsY?=
 =?us-ascii?Q?HL38QKOLxNFQuBY/HCviQJoLcQmdEWQcwAlpEgbEV4yMgv8YoOU2loy3T+kR?=
 =?us-ascii?Q?Oh4WGKzxKeQ2HlEiVuqtcsVDso6ZAjvoGnyP5hiAMJdsIpzYLuFJRg0I9ZAX?=
 =?us-ascii?Q?z8Zo2xNWPF8bOMT706dDbwDJ+xBdOlLf/6jjExJAwh6iHJnzuAAxWCtR28JM?=
 =?us-ascii?Q?M7oiRTkESArr7A52HqyHUfBUOChxbiKLqmTx0PyiI2OA5oqWq+v5VTluFi7w?=
 =?us-ascii?Q?UDSKViaQQZLyAXmOLqdRBobyXg2VwXHBhhejhmEA8vBGEceR/I2uEgrlc72M?=
 =?us-ascii?Q?Q+9fEo4Ml1MYIBDriEQcMXXd+etJ1WW66W/6H1T/FJg/6ZkhSp13q8qR5hKj?=
 =?us-ascii?Q?rxnrRzUBCSgsaSUFbQWWalNZ/x7I6J6jGRy5p0srVoy4N3wDD5ljnVz25Qpq?=
 =?us-ascii?Q?UI3Tihk1jRMsB2QsqSgyAyXzdxCZyysWHnGppLGwapSbYK+/F04CsPLG7JIW?=
 =?us-ascii?Q?czcpSzLLMdNQq2uiZ/1IqKLX4VYnQyozQLQ8sCMfVeGBidb4Slz3KRSNY25B?=
 =?us-ascii?Q?Kq2ADhkC2F5UEk4se2+qgcgyLK4U/slppo3JZTkhhKffBbT5jSRv7a3i8F+D?=
 =?us-ascii?Q?pPYtyobDMFGjtckSr+G258aq4q35JyhiGY1iBR6tG7XK5hkO84sHxCz1FUL2?=
 =?us-ascii?Q?MidKp/OFhGAra3cF8pCi8u5ANs6ge89nj+Rvg2HaPrmypLkOjd31+EoInqgE?=
 =?us-ascii?Q?6JmT/d2HNf/FmJWjgMXlAouEIbU8QxQXenINM5mcnePamA7XslSZVKLQlHeg?=
 =?us-ascii?Q?ywFEWVyYLD4bAID3IwTcn/ZB2brEuiEWR4h/h2GbsbVYcGXZn8TJr3aXhmrF?=
 =?us-ascii?Q?0UxazjHyINPOhAcSck/eCGIK7K6Za+WskBqkkU7dJzDEf6thnvaucI37K/7f?=
 =?us-ascii?Q?1pN9G8L3ZYJzXyKbjGg5XFribvt4KXRRE3QteZo3lsO7mxi+ecGVLf40S24E?=
 =?us-ascii?Q?Ya/B7Tsyn18M9DEu5Cw=3D?=
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: MW4PR11MB5872.namprd11.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 73cc2ae9-2f50-4c0c-cf4c-08db4d3234ce
X-MS-Exchange-CrossTenant-originalarrivaltime: 05 May 2023 06:30:23.2176
 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 46c98d88-e344-4ed4-8496-4ed7712e255d
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: y0GkvsyBo0w+xl+LxXYn2+rp2p3WKgpPRhlM6Jpq9F3al58IpkJkwbeCIxLX/c1suggskDqhhvg2Lel2OTqicA==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: SA1PR11MB6870
Return-Path: jiewen.yao@intel.com
X-OriginatorOrg: intel.com
Content-Language: en-US
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

It seems CI failure - https://github.com/tianocore/edk2/pull/4334

Have you run CI before?



> -----Original Message-----
> From: devel@edk2.groups.io <devel@edk2.groups.io> On Behalf Of Yao,
> Jiewen
> Sent: Friday, May 5, 2023 7:50 AM
> To: Liu, Linus <linus.liu@intel.com>; devel@edk2.groups.io
> Cc: FST-FIR-PRC <fst-fir-prc@intel.com>; FST FIR Server
> <fst.fir.server@intel.com>; Chu, Maggie <maggie.chu@intel.com>
> Subject: Re: [edk2-devel] [PATCH] Securitypkg/hddpassword: Update
> HddPasswordDxeInit to use Variable Policy
>=20
> Sounds good. Thank you very much!
>=20
> Reviewed-by: Jiewen Yao <Jiewen.yao@intel.com>
>=20
> > -----Original Message-----
> > From: Liu, Linus <linus.liu@intel.com>
> > Sent: Thursday, May 4, 2023 11:51 AM
> > To: Yao, Jiewen <jiewen.yao@intel.com>; devel@edk2.groups.io
> > Cc: FST-FIR-PRC <fst-fir-prc@intel.com>; FST FIR Server
> > <fst.fir.server@intel.com>; Chu, Maggie <maggie.chu@intel.com>
> > Subject: RE: [PATCH] Securitypkg/hddpassword: Update
> HddPasswordDxeInit
> > to use Variable Policy
> >
> > Hi Jieewn
> > Please refer the below reply.
> >
> > Have you done any function test? For example:
> > 1) The HDD password feature still works?
> >  Linus : yes , HDD password feature still works.
> >
> > 2) The variable is really locked?
> >  Linus : I've tried using dmpstore command to write HDDPassword in UEFI
> > Shell. Can't override it.
> >
> > Please refer to the below log.
> > [2023-05-04 11:42:11.046] FS1:\> dmpstore -guid 737cded7-448b-4801-
> > b57d-b19483ec606F -s HDDHDDPwd.txt
> > [2023-05-04 11:42:18.835] Save variable to file: HDDPwd.txt.
> > [2023-05-04 11:42:18.909] Variable NV+BS '737CDED7-448B-4801-B57D-
> > B19483EC606F:HddPassword' DataSize =3D 0x48
> > [2023-05-04 11:42:42.859] Load and set variables from file: HDDPwd.txt.
> > [2023-05-04 11:42:42.934] Variable NV+BS '737CDED7-448B-4801-B57D-
> > B19483EC606F:HddPassword' DataSize =3D 0x48
> > [2023-05-04 11:42:43.082] dmpstore: Failed to set variable HddPassword:
> > Write Protected.
> >
> >
> > Thanks.
> >
> > -----Original Message-----
> > From: Yao, Jiewen <jiewen.yao@intel.com>
> > Sent: Wednesday, May 3, 2023 9:21 AM
> > To: Liu, Linus <linus.liu@intel.com>; devel@edk2.groups.io
> > Cc: FST-FIR-PRC <fst-fir-prc@intel.com>; FST FIR Server
> > <fst.fir.server@intel.com>; Chu, Maggie <maggie.chu@intel.com>
> > Subject: RE: [PATCH] Securitypkg/hddpassword: Update
> HddPasswordDxeInit
> > to use Variable Policy
> >
> > That only proves that you did change the interface. But that cannot pro=
ve
> > you change it right.
> >
> > Have you done any function test? For example:
> > 1) The HDD password feature still works?
> > 2) The variable is really locked?
> >
> >
> > > -----Original Message-----
> > > From: Liu, Linus <linus.liu@intel.com>
> > > Sent: Wednesday, May 3, 2023 8:40 AM
> > > To: Yao, Jiewen <jiewen.yao@intel.com>; devel@edk2.groups.io
> > > Cc: FST-FIR-PRC <fst-fir-prc@intel.com>; FST FIR Server
> > > <fst.fir.server@intel.com>; Chu, Maggie <maggie.chu@intel.com>
> > > Subject: RE: [PATCH] Securitypkg/hddpassword: Update
> > > HddPasswordDxeInit to use Variable Policy
> > >
> > > Hi Jiewen
> > > I add this patch into MTLS platform and collect the log.
> > > The below is before adding patch and after adding patch. There is no
> > > warring message.
> > >
> > >
> > > Before
> > >
> > > InstallProtocolInterface: 09576E91-6D3F-11D2-8E39-00A0C969723B
> > > 67E4C490
> > > InstallProtocolInterface: 330D4706-F2A0-4E4F-A369-B66FA8D54385
> > > 68180030
> > > !!! DEPRECATED INTERFACE !!! VariableLockRequestToLock() will go
> away
> > > soon!
> > > !!! DEPRECATED INTERFACE !!! Please move to use Variable Policy!
> > > !!! DEPRECATED INTERFACE !!! Variable: 737CDED7-448B-4801-B57D-
> > > B19483EC606F HddPassword
> > > HddPasswordDxeInit(): Lock HddPassword variable (Success)
> > >
> > >
> > > After
> > >
> > > InstallProtocolInterface: 09576E91-6D3F-11D2-8E39-00A0C969723B
> > > 67EA1370
> > > InstallProtocolInterface: 330D4706-F2A0-4E4F-A369-B66FA8D54385
> > > 68153DB0
> > > HddPasswordDxeInit(): Lock HddPassword variable (Success)
> > >
> > >
> > > Thanks
> > >
> > >
> > >
> > > -----Original Message-----
> > > From: Yao, Jiewen <jiewen.yao@intel.com>
> > > Sent: Wednesday, May 3, 2023 12:11 AM
> > > To: Liu, Linus <linus.liu@intel.com>; devel@edk2.groups.io
> > > Cc: FST-FIR-PRC <fst-fir-prc@intel.com>; FST FIR Server
> > > <fst.fir.server@intel.com>; Chu, Maggie <maggie.chu@intel.com>
> > > Subject: RE: [PATCH] Securitypkg/hddpassword: Update
> > > HddPasswordDxeInit to use Variable Policy
> > >
> > > Thanks. The patch loos good to me.
> > >
> > > Would you please share with us, how you validate the patch?
> > >
> > >
> > >
> > > > -----Original Message-----
> > > > From: Liu, Linus <linus.liu@intel.com>
> > > > Sent: Tuesday, April 11, 2023 5:55 PM
> > > > To: devel@edk2.groups.io
> > > > Cc: Yao, Jiewen <jiewen.yao@intel.com>; FST-FIR-PRC <fst-fir-
> > > > prc@intel.com>; FST FIR Server <fst.fir.server@intel.com>; Chu,
> > > > Maggie <maggie.chu@intel.com>
> > > > Subject: [PATCH] Securitypkg/hddpassword: Update
> HddPasswordDxeInit
> > > to
> > > > use Variable Policy
> > > >
> > > > REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3D4408
> > > >
> > > > Change-Id: I3c4b466ef318766d6d70c9f73e36b94b5f10832c
> > > > Cc: Jiewen Yao <jiewen.yao@intel.com>
> > > > Cc: FST-FIR-PRC <fst-fir-prc@intel.com>
> > > > Cc: FST FIR Server C <fst.fir.server@intel.com>
> > > > Cc: Maggie Chu <maggie.chu@intel.com>
> > > > Signed-off-by: Linus Liu <linus.liu@intel.com>
> > > > ---
> > > >  SecurityPkg/HddPassword/HddPasswordDxe.c   | 16 +++++++++++-----
> > > >  SecurityPkg/HddPassword/HddPasswordDxe.h   |  1 -
> > > >  SecurityPkg/HddPassword/HddPasswordDxe.inf |  3 ++-
> > > >  SecurityPkg/SecurityPkg.dsc                |  1 +
> > > >  4 files changed, 14 insertions(+), 7 deletions(-)
> > > >
> > > > diff --git a/SecurityPkg/HddPassword/HddPasswordDxe.c
> > > > b/SecurityPkg/HddPassword/HddPasswordDxe.c
> > > > index a1a63b67a4..c20fdbe83f 100644
> > > > --- a/SecurityPkg/HddPassword/HddPasswordDxe.c
> > > > +++ b/SecurityPkg/HddPassword/HddPasswordDxe.c
> > > > @@ -9,6 +9,7 @@
> > > >  **/
> > > >
> > > >
> > > >
> > > >  #include "HddPasswordDxe.h"
> > > >
> > > > +#include <Library/VariablePolicyHelperLib.h>
> > > >
> > > >
> > > >
> > > >  EFI_GUID    mHddPasswordVendorGuid          =3D
> > > > HDD_PASSWORD_CONFIG_GUID;
> > > >
> > > >  CHAR16      mHddPasswordVendorStorageName[] =3D
> > > > L"HDD_PASSWORD_CONFIG";
> > > >
> > > > @@ -2822,7 +2823,7 @@ HddPasswordDxeInit (
> > > >    HDD_PASSWORD_DXE_PRIVATE_DATA  *Private;
> > > >
> > > >    VOID                           *Registration;
> > > >
> > > >    EFI_EVENT                      EndOfDxeEvent;
> > > >
> > > > -  EDKII_VARIABLE_LOCK_PROTOCOL   *VariableLock;
> > > >
> > > > +  EDKII_VARIABLE_POLICY_PROTOCOL *VariablePolicy;
> > > >
> > > >
> > > >
> > > >    Private =3D NULL;
> > > >
> > > >
> > > >
> > > > @@ -2858,12 +2859,17 @@ HddPasswordDxeInit (
> > > >    //
> > > >
> > > >    // Make HDD_PASSWORD_VARIABLE_NAME variable read-only.
> > > >
> > > >    //
> > > >
> > > > -  Status =3D gBS->LocateProtocol (&gEdkiiVariableLockProtocolGuid,
> > > > NULL, (VOID **)&VariableLock);
> > > >
> > > > +  Status =3D gBS->LocateProtocol (&gEdkiiVariablePolicyProtocolGui=
d,
> > > > + NULL,
> > > > (VOID **)&VariablePolicy);
> > > >
> > > >    if (!EFI_ERROR (Status)) {
> > > >
> > > > -    Status =3D VariableLock->RequestToLock (
> > > >
> > > > -                             VariableLock,
> > > >
> > > > +    Status =3D RegisterBasicVariablePolicy (
> > > >
> > > > +                             VariablePolicy,
> > > >
> > > > +                             &mHddPasswordVendorGuid,
> > > >
> > > >                               HDD_PASSWORD_VARIABLE_NAME,
> > > >
> > > > -                             &mHddPasswordVendorGuid
> > > >
> > > > +                             VARIABLE_POLICY_NO_MIN_SIZE,
> > > >
> > > > +                             VARIABLE_POLICY_NO_MAX_SIZE,
> > > >
> > > > +                             VARIABLE_POLICY_NO_MUST_ATTR,
> > > >
> > > > +                             VARIABLE_POLICY_NO_CANT_ATTR,
> > > >
> > > > +                             VARIABLE_POLICY_TYPE_LOCK_NOW
> > > >
> > > >                               );
> > > >
> > > >      DEBUG ((DEBUG_INFO, "%a(): Lock %s variable (%r)\n",
> > > > __FUNCTION__, HDD_PASSWORD_VARIABLE_NAME, Status));
> > > >
> > > >      ASSERT_EFI_ERROR (Status);
> > > >
> > > > diff --git a/SecurityPkg/HddPassword/HddPasswordDxe.h
> > > > b/SecurityPkg/HddPassword/HddPasswordDxe.h
> > > > index 231533e737..049a208794 100644
> > > > --- a/SecurityPkg/HddPassword/HddPasswordDxe.h
> > > > +++ b/SecurityPkg/HddPassword/HddPasswordDxe.h
> > > > @@ -17,7 +17,6 @@
> > > >  #include <Protocol/AtaPassThru.h>
> > > >
> > > >  #include <Protocol/PciIo.h>
> > > >
> > > >  #include <Protocol/HiiConfigAccess.h>
> > > >
> > > > -#include <Protocol/VariableLock.h>
> > > >
> > > >
> > > >
> > > >  #include <Guid/MdeModuleHii.h>
> > > >
> > > >  #include <Guid/EventGroup.h>
> > > >
> > > > diff --git a/SecurityPkg/HddPassword/HddPasswordDxe.inf
> > > > b/SecurityPkg/HddPassword/HddPasswordDxe.inf
> > > > index 06e8755ffc..2c0ebbcc78 100644
> > > > --- a/SecurityPkg/HddPassword/HddPasswordDxe.inf
> > > > +++ b/SecurityPkg/HddPassword/HddPasswordDxe.inf
> > > > @@ -50,6 +50,7 @@
> > > >    PrintLib
> > > >
> > > >    UefiLib
> > > >
> > > >    LockBoxLib
> > > >
> > > > +  VariablePolicyHelperLib
> > > >
> > > >    S3BootScriptLib
> > > >
> > > >    PciLib
> > > >
> > > >    BaseCryptLib
> > > >
> > > > @@ -63,7 +64,7 @@
> > > >    gEfiHiiConfigAccessProtocolGuid               ## PRODUCES
> > > >
> > > >    gEfiAtaPassThruProtocolGuid                   ## CONSUMES
> > > >
> > > >    gEfiPciIoProtocolGuid                         ## CONSUMES
> > > >
> > > > -  gEdkiiVariableLockProtocolGuid                ## CONSUMES
> > > >
> > > > +  gEdkiiVariablePolicyProtocolGuid              ## CONSUMES
> > > >
> > > >
> > > >
> > > >  [Pcd]
> > > >
> > > >    gEfiSecurityPkgTokenSpaceGuid.PcdSkipHddPasswordPrompt  ##
> > > CONSUMES
> > > >
> > > > diff --git a/SecurityPkg/SecurityPkg.dsc
> > > > b/SecurityPkg/SecurityPkg.dsc index 3bad5375c0..3c62205162 100644
> > > > --- a/SecurityPkg/SecurityPkg.dsc
> > > > +++ b/SecurityPkg/SecurityPkg.dsc
> > > > @@ -74,6 +74,7 @@
> > > >
> > > >
> PlatformPKProtectionLib|SecurityPkg/Library/PlatformPKProtectionLibV
> > > > PlatformPKProtectionLib|ar
> > > > PlatformPKProtectionLib|Po
> > > > licy/PlatformPKProtectionLibVarPolicy.inf
> > > >
> > > >
> > > >
> SecureBootVariableProvisionLib|SecurityPkg/Library/SecureBootVariabl
> > > > SecureBootVariableProvisionLib|eP
> > > > SecureBootVariableProvisionLib|ro
> > > > visionLib/SecureBootVariableProvisionLib.inf
> > > >
> > > >    TdxLib|MdePkg/Library/TdxLib/TdxLib.inf
> > > >
> > > > +
> > > >
> VariablePolicyHelperLib|MdeModulePkg/Library/VariablePolicyHelperLib
> > > > VariablePolicyHelperLib|/V
> > > > VariablePolicyHelperLib|ar
> > > > iablePolicyHelperLib.inf
> > > >
> > > >
> > > >
> > > >  [LibraryClasses.ARM, LibraryClasses.AARCH64]
> > > >
> > > >    #
> > > >
> > > > --
> > > > 2.33.1.windows.1
>=20
>=20
>=20
>=20
>=20