From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mga07.intel.com (mga07.intel.com [134.134.136.100]) by mx.groups.io with SMTP id smtpd.web11.15541.1683244201008862485 for ; Thu, 04 May 2023 16:50:01 -0700 Authentication-Results: mx.groups.io; dkim=fail reason="unable to parse pub key" header.i=@intel.com header.s=intel header.b=QYJRfApi; spf=pass (domain: intel.com, ip: 134.134.136.100, mailfrom: jiewen.yao@intel.com) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1683244201; x=1714780201; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-transfer-encoding:mime-version; bh=j+h4C8qFwkqcaQiVVqV6eDq78+Za2nRP4/drUfB2bqE=; b=QYJRfApiqS/UKOMDLIWD4kv6pvZABRAGFp+PlU3ZE2Q5Re8e7V3KGO4D b9t9WzcGzvREFDhz4uQkLHT9XXpk2fD5MdoJEIVplGxofujETcjnxdmr8 X2g0EaPw3PxWCSexph5CDeduYanWWLh+D/sbGSh6ZCr4MUVmwecKYmzOX 8vZc1xtBSXylr9bXWqsI700T7Yh+EHpsm1LK9XXIGlBswn6iSug/M15O4 jcKRrpFZGjFcPLdktY73KARxF1QOunjg8/+iI+TZgazUnK9/4AAAEjPcw 95gMVk8v/LbyoI3ZJkBpOrzzHp+gNsSa6Nb09KCgsmxVByM2xlFhJ/aHY Q==; X-IronPort-AV: E=McAfee;i="6600,9927,10700"; a="414611835" X-IronPort-AV: E=Sophos;i="5.99,250,1677571200"; d="scan'208";a="414611835" Received: from fmsmga006.fm.intel.com ([10.253.24.20]) by orsmga105.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 04 May 2023 16:50:00 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=McAfee;i="6600,9927,10700"; a="943569157" X-IronPort-AV: E=Sophos;i="5.99,250,1677571200"; d="scan'208";a="943569157" Received: from fmsmsx601.amr.corp.intel.com ([10.18.126.81]) by fmsmga006.fm.intel.com with ESMTP; 04 May 2023 16:50:00 -0700 Received: from fmsmsx612.amr.corp.intel.com (10.18.126.92) by fmsmsx601.amr.corp.intel.com (10.18.126.81) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.23; Thu, 4 May 2023 16:49:59 -0700 Received: from fmsmsx610.amr.corp.intel.com (10.18.126.90) by fmsmsx612.amr.corp.intel.com (10.18.126.92) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.23; Thu, 4 May 2023 16:49:59 -0700 Received: from fmsedg601.ED.cps.intel.com (10.1.192.135) by fmsmsx610.amr.corp.intel.com (10.18.126.90) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.23 via Frontend Transport; Thu, 4 May 2023 16:49:59 -0700 Received: from NAM12-DM6-obe.outbound.protection.outlook.com (104.47.59.170) by edgegateway.intel.com (192.55.55.70) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.1.2507.23; Thu, 4 May 2023 16:49:58 -0700 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=G2UyFXJdEaoWmNzpSs6J2icwspLfv7AzW6ED4jihiCi+D3QqNtPFDpe95X78h78N0DDLyeCo+1VphVSjP22E9ipnFn+bArW3M3MO340jvpNGfKi/pUdMcYtSDTpGPcklxduA/3dFY1tsFD8dth3ZxsSrTHBePH2EHAUs5mtgaLzngT5na5NlqCNsNzBa3MNwpfbYhdtSsIvgHe31dxHmWGKlO1gaSh/ZR0mSsMQjz00V8zKVRs/eKljz1H/M6zuyWFJOK9rxlJBokVapZXjbZx/DD9g1TxwbHzeh1CKvpf8WMEjKMgDG1rhp8HMPMfCNZwjSnffLMfVsmGpIpoGJCA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=UCDSWqEHTvTNigRMZe0oY0ltCBNmXYU3g1ZxGuAYgro=; b=eL8JSyA5cvFhxM3FNCM4KNhsQcE0fBccVbaWU5mKRBFhI+I53Sl0W606Eo+V+WjeEQ7YpBRQzS6jYjPA3IlTWZOQicvYmPk+5/I/rJH2RO9Qt3cOUbP58mmh5KBSKv7O1BET6XTghbGulr02WNYQmfr22QKBE4ppqOHDjctOnZgNh+4bAq3r4DQHLXm3B4ecjKlnB1LvZLxM1yiOrVubrUwaIb3iy3aAm0Xj8Uk5U1cx4VeMD0Z0I+gATDyG+6/2EKygli56pWL3zhBSXlCp7kysEpsj/LI6VOK0C+q3wGln6Z8PGi/b9jDZEo1V05qtnR3fKG6Et9TwvnUV0pDLUQ== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=intel.com; dmarc=pass action=none header.from=intel.com; dkim=pass header.d=intel.com; arc=none Received: from MW4PR11MB5872.namprd11.prod.outlook.com (2603:10b6:303:169::14) by CY8PR11MB6985.namprd11.prod.outlook.com (2603:10b6:930:57::6) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6363.26; Thu, 4 May 2023 23:49:56 +0000 Received: from MW4PR11MB5872.namprd11.prod.outlook.com ([fe80::48e9:aeb0:c365:388]) by MW4PR11MB5872.namprd11.prod.outlook.com ([fe80::48e9:aeb0:c365:388%6]) with mapi id 15.20.6363.026; Thu, 4 May 2023 23:49:56 +0000 From: "Yao, Jiewen" To: "Liu, Linus" , "devel@edk2.groups.io" CC: FST-FIR-PRC , FST FIR Server , "Chu, Maggie" Subject: Re: [PATCH] Securitypkg/hddpassword: Update HddPasswordDxeInit to use Variable Policy Thread-Topic: [PATCH] Securitypkg/hddpassword: Update HddPasswordDxeInit to use Variable Policy Thread-Index: AQHZbFwCEyp1DQojiUOhgZhU7VP89a9HSFQQgACNz0CAAAvGMIABu1PQgAFQMhA= Date: Thu, 4 May 2023 23:49:56 +0000 Message-ID: References: <20230411095524.1668-1-linus.liu@intel.com> In-Reply-To: Accept-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=intel.com; x-ms-publictraffictype: Email x-ms-traffictypediagnostic: MW4PR11MB5872:EE_|CY8PR11MB6985:EE_ x-ms-office365-filtering-correlation-id: ba1d3190-fab1-446d-b88c-08db4cfa43b1 x-ms-exchange-senderadcheck: 1 x-ms-exchange-antispam-relay: 0 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: zAH6E2vgpy9s1xlE3vDiRfeW0iuT3I2ebXy+S+TldelMVUkvq2yppzI6NtWcq6K/7vmq2cgiOfOyCLHuhvtNOY1RpBQAqXlMX8GslGK27XWFAjIqeUXB7EaqZYHbc8eNBVpTPBTAWvdiGesULbnKN8jzWmQaj1ZMNA61SdgVWV/UgYLsnTEJxZ+W5tEgt6PP/Tp3V8PfzEePz0YFirGGYR30a1pZT+gN9GO58v6OfKB/of+3uD+STbsXiCGqzlTUy4QOHFVxt1AuhuuXdupLpOrlgdYxraV8tC1bq/YzNhruEJhgy6e5c04SyOD/JVvkP0DjxZAxzFi1BnUV60l/R6yZx4pLlIsk0pH6pdFMQvVX5SIlRjBd+Hvy/vv0vyFiIBc22f8rkkgUXWAqoucM8yvivDht6AxgzMK2FYIq6GxCDFZp+CQfnIUN6yDnOqSr1ES9fNK/pef0FmuknM+mv+fDuSoP7VbcnuwxtKrazPVBvhvAhAN5N+gcNr5W3AD+4uoPXlRvtFZfKJgFFXe3UiEkXlwRS7I5wgRODPjqmaQr6wAsoNe2fbLMbkHYFJR5rPhdRuiaa+6I/e+qAd/0A6MJ+MJENqZjxD/IsbnOaww= x-forefront-antispam-report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:MW4PR11MB5872.namprd11.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230028)(366004)(39860400002)(346002)(376002)(396003)(136003)(451199021)(82960400001)(5660300002)(66476007)(8936002)(52536014)(8676002)(86362001)(71200400001)(186003)(107886003)(6506007)(9686003)(122000001)(38100700002)(83380400001)(38070700005)(53546011)(54906003)(41300700001)(478600001)(33656002)(110136005)(966005)(7696005)(66556008)(76116006)(66446008)(66946007)(55016003)(64756008)(4326008)(15650500001)(2906002)(316002);DIR:OUT;SFP:1102; x-ms-exchange-antispam-messagedata-chunkcount: 1 x-ms-exchange-antispam-messagedata-0: =?us-ascii?Q?Hbz0cxXoeUJ0yZkzCARgebMZf1nnTWbgrux3G4YVTS8Pv2Z/Znu4UGZ7de4F?= =?us-ascii?Q?Yz/WQPwAdy7GIcUr8TGGYeLE8Ayanek9h4vaO/glJ6cEB/CmYGkWLBKD8uD7?= =?us-ascii?Q?cQ/jCMh0AHYrlqVnuHXZVIaoAunehHzlCP8iJGxWQ3NmCkPYslc/2aVtkEQh?= =?us-ascii?Q?qSlT8SvfE49+0ui6q8aHkcRyUn/mxG2My3OBWvDO0FtBqZUhviSRPPM4XJi5?= =?us-ascii?Q?5x+In+YzMFfcLtFFSswLyyJkK9hvQCEu9s4dK0L/DbtVFVDMYovnrIyhTvPs?= =?us-ascii?Q?Dxp9LfT0ZX4KJcz7ZFhh8v4Z1RJ8PK0wNTewJS8dHmrvKgTcUQzXTLXh9uzj?= =?us-ascii?Q?A20YebbU4gDEJG+G2y/Ziwf//iVDiEBhH+7TOycNcPBXM8B8BSdYr9kVMbK8?= =?us-ascii?Q?Ym5JtycaQz8aUNiDWqOg+EVSSV8bZ70YLfMPCREsCqekp7Ry1t/DbF25I8+0?= =?us-ascii?Q?CicPvm65DvX6qMLN7hx6KDRARY1lPiuAYFPCTIgBH1PEJg/PjmGgTuQPgfQ5?= =?us-ascii?Q?wwiY6NH7lCOjXqiYJ48LUOg0+xlGNM298hHah/MD9v2WWLvli6xGbYvm/6DR?= =?us-ascii?Q?S4C6HXoU14Kee6Cu0koGy64ugyuFXHJo8dQod4fdlEr6MckI6Sv/5c/QMmPl?= =?us-ascii?Q?LNW0QI9OnJ0loOeKS5mE35qbuOAbkCKJWdJFF0/XIMPTa+03qVpjBswq63/i?= =?us-ascii?Q?aMG4glNFrf/0nNW8wL6AoiraVcds/MedVNNo2gBk0kVN8Epb/iXCg9U/NE5I?= =?us-ascii?Q?daWoiSWe5FrYnGSjzWPdX3IiIvLe85EgU1YCgf1Y4nyoh4D1srtJMIQN8AGc?= =?us-ascii?Q?VqP8gurYRPVec/LKBK8ObbmMOYPjoq/MazejRtDW5/VNIwzQvWC/68Xj+Bbb?= =?us-ascii?Q?OIYE+2DVXmkFuJ2rrEy8SVserwp0XlYpxe0E6enbukAW6qNlDkz+ctNL71Jh?= =?us-ascii?Q?g/0jKeVnpV8zVaekmhRHfxo9TfnIudOfkuKe/Q+JEKqQ3gHGRktm6a3PicRC?= =?us-ascii?Q?T3GWudr678YyNNdRKnk9YZaKRwW34JWErJvZnxyhVGXaJ/cttLh14A9cy51L?= =?us-ascii?Q?rasVtwkqQxw357XNspPqxVN3Gxvclqgrl+U0IPMYMWfLtIBPInWLyGbWqzB/?= =?us-ascii?Q?InUy6u1xUiuhSiQ4VI3U92YVAqvkJ8kOsFIGKi+8r6jo659AB01xhIU45wBt?= =?us-ascii?Q?pUkH8ujpXWznw7idk3F8qdpkhsScWdXBPskYIITGAK7pyLfBvsVD3ftfdKWg?= =?us-ascii?Q?H7PLtAQBR2PQWNhWa5Oxm89aG9oigTf/vJQqVQXOcRduMHBWUtH9a9S5bv0k?= =?us-ascii?Q?Qmne/yjli9yXUR2sEX23qRAKUKdAarHFCYqsavkUHE8Pyxyeh+1eAsKt8mz6?= =?us-ascii?Q?bCCsL6ONyUXWpcZgjLNMgmMmpOyG2HH08u7nNHJZln5vg/iX+Zl/qkRaPSXe?= =?us-ascii?Q?A8DyJ6gnKS/8FRVJDCVpcHVDkvyQ8BHJ2r0o+HsPxeJlUcpCRpEihcgPBESH?= =?us-ascii?Q?rfLFn9E+OEXVNREGVyjkXqloK56GD8olr6gnU1g2WWqp/ADhcHdDHALfYWXT?= =?us-ascii?Q?ZGHNvJ5MXFX+gA4QBc8=3D?= MIME-Version: 1.0 X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-AuthSource: MW4PR11MB5872.namprd11.prod.outlook.com X-MS-Exchange-CrossTenant-Network-Message-Id: ba1d3190-fab1-446d-b88c-08db4cfa43b1 X-MS-Exchange-CrossTenant-originalarrivaltime: 04 May 2023 23:49:56.4277 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 46c98d88-e344-4ed4-8496-4ed7712e255d X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: SUhw2FZIOCXteVAauKTNpeQQiJyR7ORWqbb0nHePw4zZnjTUFNUP97T7BwcOa226UyvC9T1UmcLDTaOpM6dmrg== X-MS-Exchange-Transport-CrossTenantHeadersStamped: CY8PR11MB6985 Return-Path: jiewen.yao@intel.com X-OriginatorOrg: intel.com Content-Language: en-US Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Sounds good. Thank you very much! Reviewed-by: Jiewen Yao > -----Original Message----- > From: Liu, Linus > Sent: Thursday, May 4, 2023 11:51 AM > To: Yao, Jiewen ; devel@edk2.groups.io > Cc: FST-FIR-PRC ; FST FIR Server > ; Chu, Maggie > Subject: RE: [PATCH] Securitypkg/hddpassword: Update HddPasswordDxeInit > to use Variable Policy >=20 > Hi Jieewn > Please refer the below reply. >=20 > Have you done any function test? For example: > 1) The HDD password feature still works? > Linus : yes , HDD password feature still works. >=20 > 2) The variable is really locked? > Linus : I've tried using dmpstore command to write HDDPassword in UEFI > Shell. Can't override it. >=20 > Please refer to the below log. > [2023-05-04 11:42:11.046] FS1:\> dmpstore -guid 737cded7-448b-4801- > b57d-b19483ec606F -s HDDHDDPwd.txt > [2023-05-04 11:42:18.835] Save variable to file: HDDPwd.txt. > [2023-05-04 11:42:18.909] Variable NV+BS '737CDED7-448B-4801-B57D- > B19483EC606F:HddPassword' DataSize =3D 0x48 > [2023-05-04 11:42:42.859] Load and set variables from file: HDDPwd.txt. > [2023-05-04 11:42:42.934] Variable NV+BS '737CDED7-448B-4801-B57D- > B19483EC606F:HddPassword' DataSize =3D 0x48 > [2023-05-04 11:42:43.082] dmpstore: Failed to set variable HddPassword: > Write Protected. >=20 >=20 > Thanks. >=20 > -----Original Message----- > From: Yao, Jiewen > Sent: Wednesday, May 3, 2023 9:21 AM > To: Liu, Linus ; devel@edk2.groups.io > Cc: FST-FIR-PRC ; FST FIR Server > ; Chu, Maggie > Subject: RE: [PATCH] Securitypkg/hddpassword: Update HddPasswordDxeInit > to use Variable Policy >=20 > That only proves that you did change the interface. But that cannot prove > you change it right. >=20 > Have you done any function test? For example: > 1) The HDD password feature still works? > 2) The variable is really locked? >=20 >=20 > > -----Original Message----- > > From: Liu, Linus > > Sent: Wednesday, May 3, 2023 8:40 AM > > To: Yao, Jiewen ; devel@edk2.groups.io > > Cc: FST-FIR-PRC ; FST FIR Server > > ; Chu, Maggie > > Subject: RE: [PATCH] Securitypkg/hddpassword: Update > > HddPasswordDxeInit to use Variable Policy > > > > Hi Jiewen > > I add this patch into MTLS platform and collect the log. > > The below is before adding patch and after adding patch. There is no > > warring message. > > > > > > Before > > > > InstallProtocolInterface: 09576E91-6D3F-11D2-8E39-00A0C969723B > > 67E4C490 > > InstallProtocolInterface: 330D4706-F2A0-4E4F-A369-B66FA8D54385 > > 68180030 > > !!! DEPRECATED INTERFACE !!! VariableLockRequestToLock() will go away > > soon! > > !!! DEPRECATED INTERFACE !!! Please move to use Variable Policy! > > !!! DEPRECATED INTERFACE !!! Variable: 737CDED7-448B-4801-B57D- > > B19483EC606F HddPassword > > HddPasswordDxeInit(): Lock HddPassword variable (Success) > > > > > > After > > > > InstallProtocolInterface: 09576E91-6D3F-11D2-8E39-00A0C969723B > > 67EA1370 > > InstallProtocolInterface: 330D4706-F2A0-4E4F-A369-B66FA8D54385 > > 68153DB0 > > HddPasswordDxeInit(): Lock HddPassword variable (Success) > > > > > > Thanks > > > > > > > > -----Original Message----- > > From: Yao, Jiewen > > Sent: Wednesday, May 3, 2023 12:11 AM > > To: Liu, Linus ; devel@edk2.groups.io > > Cc: FST-FIR-PRC ; FST FIR Server > > ; Chu, Maggie > > Subject: RE: [PATCH] Securitypkg/hddpassword: Update > > HddPasswordDxeInit to use Variable Policy > > > > Thanks. The patch loos good to me. > > > > Would you please share with us, how you validate the patch? > > > > > > > > > -----Original Message----- > > > From: Liu, Linus > > > Sent: Tuesday, April 11, 2023 5:55 PM > > > To: devel@edk2.groups.io > > > Cc: Yao, Jiewen ; FST-FIR-PRC > > prc@intel.com>; FST FIR Server ; Chu, > > > Maggie > > > Subject: [PATCH] Securitypkg/hddpassword: Update HddPasswordDxeInit > > to > > > use Variable Policy > > > > > > REF: https://bugzilla.tianocore.org/show_bug.cgi?id=3D4408 > > > > > > Change-Id: I3c4b466ef318766d6d70c9f73e36b94b5f10832c > > > Cc: Jiewen Yao > > > Cc: FST-FIR-PRC > > > Cc: FST FIR Server C > > > Cc: Maggie Chu > > > Signed-off-by: Linus Liu > > > --- > > > SecurityPkg/HddPassword/HddPasswordDxe.c | 16 +++++++++++----- > > > SecurityPkg/HddPassword/HddPasswordDxe.h | 1 - > > > SecurityPkg/HddPassword/HddPasswordDxe.inf | 3 ++- > > > SecurityPkg/SecurityPkg.dsc | 1 + > > > 4 files changed, 14 insertions(+), 7 deletions(-) > > > > > > diff --git a/SecurityPkg/HddPassword/HddPasswordDxe.c > > > b/SecurityPkg/HddPassword/HddPasswordDxe.c > > > index a1a63b67a4..c20fdbe83f 100644 > > > --- a/SecurityPkg/HddPassword/HddPasswordDxe.c > > > +++ b/SecurityPkg/HddPassword/HddPasswordDxe.c > > > @@ -9,6 +9,7 @@ > > > **/ > > > > > > > > > > > > #include "HddPasswordDxe.h" > > > > > > +#include > > > > > > > > > > > > EFI_GUID mHddPasswordVendorGuid =3D > > > HDD_PASSWORD_CONFIG_GUID; > > > > > > CHAR16 mHddPasswordVendorStorageName[] =3D > > > L"HDD_PASSWORD_CONFIG"; > > > > > > @@ -2822,7 +2823,7 @@ HddPasswordDxeInit ( > > > HDD_PASSWORD_DXE_PRIVATE_DATA *Private; > > > > > > VOID *Registration; > > > > > > EFI_EVENT EndOfDxeEvent; > > > > > > - EDKII_VARIABLE_LOCK_PROTOCOL *VariableLock; > > > > > > + EDKII_VARIABLE_POLICY_PROTOCOL *VariablePolicy; > > > > > > > > > > > > Private =3D NULL; > > > > > > > > > > > > @@ -2858,12 +2859,17 @@ HddPasswordDxeInit ( > > > // > > > > > > // Make HDD_PASSWORD_VARIABLE_NAME variable read-only. > > > > > > // > > > > > > - Status =3D gBS->LocateProtocol (&gEdkiiVariableLockProtocolGuid, > > > NULL, (VOID **)&VariableLock); > > > > > > + Status =3D gBS->LocateProtocol (&gEdkiiVariablePolicyProtocolGuid, > > > + NULL, > > > (VOID **)&VariablePolicy); > > > > > > if (!EFI_ERROR (Status)) { > > > > > > - Status =3D VariableLock->RequestToLock ( > > > > > > - VariableLock, > > > > > > + Status =3D RegisterBasicVariablePolicy ( > > > > > > + VariablePolicy, > > > > > > + &mHddPasswordVendorGuid, > > > > > > HDD_PASSWORD_VARIABLE_NAME, > > > > > > - &mHddPasswordVendorGuid > > > > > > + VARIABLE_POLICY_NO_MIN_SIZE, > > > > > > + VARIABLE_POLICY_NO_MAX_SIZE, > > > > > > + VARIABLE_POLICY_NO_MUST_ATTR, > > > > > > + VARIABLE_POLICY_NO_CANT_ATTR, > > > > > > + VARIABLE_POLICY_TYPE_LOCK_NOW > > > > > > ); > > > > > > DEBUG ((DEBUG_INFO, "%a(): Lock %s variable (%r)\n", > > > __FUNCTION__, HDD_PASSWORD_VARIABLE_NAME, Status)); > > > > > > ASSERT_EFI_ERROR (Status); > > > > > > diff --git a/SecurityPkg/HddPassword/HddPasswordDxe.h > > > b/SecurityPkg/HddPassword/HddPasswordDxe.h > > > index 231533e737..049a208794 100644 > > > --- a/SecurityPkg/HddPassword/HddPasswordDxe.h > > > +++ b/SecurityPkg/HddPassword/HddPasswordDxe.h > > > @@ -17,7 +17,6 @@ > > > #include > > > > > > #include > > > > > > #include > > > > > > -#include > > > > > > > > > > > > #include > > > > > > #include > > > > > > diff --git a/SecurityPkg/HddPassword/HddPasswordDxe.inf > > > b/SecurityPkg/HddPassword/HddPasswordDxe.inf > > > index 06e8755ffc..2c0ebbcc78 100644 > > > --- a/SecurityPkg/HddPassword/HddPasswordDxe.inf > > > +++ b/SecurityPkg/HddPassword/HddPasswordDxe.inf > > > @@ -50,6 +50,7 @@ > > > PrintLib > > > > > > UefiLib > > > > > > LockBoxLib > > > > > > + VariablePolicyHelperLib > > > > > > S3BootScriptLib > > > > > > PciLib > > > > > > BaseCryptLib > > > > > > @@ -63,7 +64,7 @@ > > > gEfiHiiConfigAccessProtocolGuid ## PRODUCES > > > > > > gEfiAtaPassThruProtocolGuid ## CONSUMES > > > > > > gEfiPciIoProtocolGuid ## CONSUMES > > > > > > - gEdkiiVariableLockProtocolGuid ## CONSUMES > > > > > > + gEdkiiVariablePolicyProtocolGuid ## CONSUMES > > > > > > > > > > > > [Pcd] > > > > > > gEfiSecurityPkgTokenSpaceGuid.PcdSkipHddPasswordPrompt ## > > CONSUMES > > > > > > diff --git a/SecurityPkg/SecurityPkg.dsc > > > b/SecurityPkg/SecurityPkg.dsc index 3bad5375c0..3c62205162 100644 > > > --- a/SecurityPkg/SecurityPkg.dsc > > > +++ b/SecurityPkg/SecurityPkg.dsc > > > @@ -74,6 +74,7 @@ > > > > > > PlatformPKProtectionLib|SecurityPkg/Library/PlatformPKProtectionLibV > > > PlatformPKProtectionLib|ar > > > PlatformPKProtectionLib|Po > > > licy/PlatformPKProtectionLibVarPolicy.inf > > > > > > > > > SecureBootVariableProvisionLib|SecurityPkg/Library/SecureBootVariabl > > > SecureBootVariableProvisionLib|eP > > > SecureBootVariableProvisionLib|ro > > > visionLib/SecureBootVariableProvisionLib.inf > > > > > > TdxLib|MdePkg/Library/TdxLib/TdxLib.inf > > > > > > + > > > VariablePolicyHelperLib|MdeModulePkg/Library/VariablePolicyHelperLib > > > VariablePolicyHelperLib|/V > > > VariablePolicyHelperLib|ar > > > iablePolicyHelperLib.inf > > > > > > > > > > > > [LibraryClasses.ARM, LibraryClasses.AARCH64] > > > > > > # > > > > > > -- > > > 2.33.1.windows.1