From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <bounce+27952+111920+7686176+12367111@groups.io>
Received: from mail02.groups.io (mail02.groups.io [66.175.222.108])
	by spool.mail.gandi.net (Postfix) with ESMTPS id B94BC740034
	for <rebecca@openfw.io>; Thu, 30 Nov 2023 23:14:50 +0000 (UTC)
DKIM-Signature: a=rsa-sha256; bh=eIGAP5dF53h9/+s9+L3+7mH74LGxU7dsWApgXnIWkqA=;
 c=relaxed/simple; d=groups.io;
 h=ARC-Seal:ARC-Message-Signature:ARC-Authentication-Results:From:To:CC:Subject:Thread-Topic:Thread-Index:Date:Message-ID:References:In-Reply-To:Accept-Language:MIME-Version:Precedence:List-Subscribe:List-Help:Sender:List-Id:Mailing-List:Delivered-To:Reply-To:List-Unsubscribe-Post:List-Unsubscribe:Content-Language:Content-Type:Content-Transfer-Encoding;
 s=20140610; t=1701386089; v=1;
 b=jBs6Q7RmDgejhyc70pup3O5nBckMhUo4yTViHctNs0PTcUvaDzUgLX5sWA4sH/eNOxmD+YJw
 3Ia4wqaZk0unQCir6L3on3ohHw8KjSa06Yqhj4WBjDgtFmoTkiTYGLTV1mzyAgpO+QbD+K2MzI+
 llyq5mr9qefiMm68VGRrttnc=
X-Received: by 127.0.0.2 with SMTP id jNH4YY7687511xNkjoSvLqvy; Thu, 30 Nov 2023 15:14:49 -0800
X-Received: from mgamail.intel.com (mgamail.intel.com [192.198.163.10])
 by mx.groups.io with SMTP id smtpd.web11.9985.1701386088457809206
 for <devel@edk2.groups.io>;
 Thu, 30 Nov 2023 15:14:48 -0800
X-IronPort-AV: E=McAfee;i="6600,9927,10910"; a="409257"
X-IronPort-AV: E=Sophos;i="6.04,240,1695711600"; 
   d="scan'208";a="409257"
X-Received: from orsmga002.jf.intel.com ([10.7.209.21])
  by fmvoesa104.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 30 Nov 2023 15:14:41 -0800
X-ExtLoop1: 1
X-IronPort-AV: E=McAfee;i="6600,9927,10910"; a="769460215"
X-IronPort-AV: E=Sophos;i="6.04,240,1695711600"; 
   d="scan'208";a="769460215"
X-Received: from fmsmsx601.amr.corp.intel.com ([10.18.126.81])
  by orsmga002.jf.intel.com with ESMTP/TLS/AES256-GCM-SHA384; 30 Nov 2023 15:14:40 -0800
X-Received: from fmsmsx611.amr.corp.intel.com (10.18.126.91) by
 fmsmsx601.amr.corp.intel.com (10.18.126.81) with Microsoft SMTP Server
 (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id
 15.1.2507.34; Thu, 30 Nov 2023 15:14:40 -0800
X-Received: from fmsmsx602.amr.corp.intel.com (10.18.126.82) by
 fmsmsx611.amr.corp.intel.com (10.18.126.91) with Microsoft SMTP Server
 (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id
 15.1.2507.34; Thu, 30 Nov 2023 15:14:39 -0800
X-Received: from fmsedg601.ED.cps.intel.com (10.1.192.135) by
 fmsmsx602.amr.corp.intel.com (10.18.126.82) with Microsoft SMTP Server
 (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id
 15.1.2507.34 via Frontend Transport; Thu, 30 Nov 2023 15:14:39 -0800
X-Received: from NAM02-SN1-obe.outbound.protection.outlook.com (104.47.57.40) by
 edgegateway.intel.com (192.55.55.70) with Microsoft SMTP Server
 (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
 15.1.2507.34; Thu, 30 Nov 2023 15:14:39 -0800
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;
 b=XUcdZkSiRF4tq11EOPwt/PStFsIKkwd0Y02lxRp2GYryIhgAKC/XZM+jIkTznbgit1Ln4y5TilEG34H38X1NMvQ3NArtw77IVYsY9URo+LdZQCeIRNWqLJ21PkC7FfMrBiUUlBmLcqEE01v7+Pqx85hqdugkMDZRXS8/ouQMuCt1omQhIRK0OUOKfdyjOZMqoCrOljPoi0UXkKQNMF9NDqvmIdhJqXjlxgIg/PkF99L1LkjWonfq1N9z/rMHIFj9wXNbfNajMjEfjOUWwQ6Vs3e3kKmDuQIX9+4u5x1Cv68y37OPMPQJ+4vNDOdvo0HBc4fPCGzZeWHGetrsuD3ivA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
 s=arcselector9901;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;
 bh=3mQWMbgVLHQFOsqheWNlBFOBJmC0l9G+CKzVgw+JEvY=;
 b=JK+bqO21jJI7X3O0TGtEgFTNeTqaamF1j2eEXtahHqqQV0Qc/zOJDiqBvzJbj4x1a7BhMsMIZ5OBd7RdrqrglFedge8HCcSz5VedkBvG2aHHa2gr6PVbkqemkSl15eU6PMcbQjYBZQ14xSR1LMacanjtZBpu+2hStlfNt+V4nRks7YJkN+7lWKKLAxChV5APPL4QZcn6DCf3yxHG5hwsagnTIScreKo5ZJV2kR3dWMFL6Akp0ZFqQgugZEKkbcANf/8WDsqjRZA37TUhftfpphj40ejilGZ3E4BH69s2qLtMwLUJQkIZU1jX8Ih/7OgbUAJX4SkFaZOOI3iNjtEQWA==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass
 smtp.mailfrom=intel.com; dmarc=pass action=none header.from=intel.com;
 dkim=pass header.d=intel.com; arc=none
X-Received: from PH0PR11MB5832.namprd11.prod.outlook.com (2603:10b6:510:141::7)
 by DS7PR11MB6248.namprd11.prod.outlook.com (2603:10b6:8:97::11) with
 Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7025.29; Thu, 30 Nov
 2023 23:14:34 +0000
X-Received: from PH0PR11MB5832.namprd11.prod.outlook.com
 ([fe80::f1bc:bba4:107e:6960]) by PH0PR11MB5832.namprd11.prod.outlook.com
 ([fe80::f1bc:bba4:107e:6960%7]) with mapi id 15.20.7025.022; Thu, 30 Nov 2023
 23:14:34 +0000
From: "Nate DeSimone" <nathaniel.l.desimone@intel.com>
To: "Xu, Wei6" <wei6.xu@intel.com>, "devel@edk2.groups.io"
	<devel@edk2.groups.io>
CC: "Bi, Dandan" <dandan.bi@intel.com>, "Gao, Liming"
	<gaoliming@byosoft.com.cn>
Subject: Re: [edk2-devel] [PATCH v2 edk2-platforms 1/1] UserAuthFeaturePkg/UserAuthenticationSmm: Support Standalone MM.
Thread-Topic: [PATCH v2 edk2-platforms 1/1]
  UserAuthFeaturePkg/UserAuthenticationSmm: Support Standalone MM.
Thread-Index: AQHaI58ZRJoMW5Y2f0aK12SXDdxtiLCTfp3A
Date: Thu, 30 Nov 2023 23:14:34 +0000
Message-ID: <PH0PR11MB5832CDE36CA3AC3D4B78B820CD82A@PH0PR11MB5832.namprd11.prod.outlook.com>
References: <cover.1701355673.git.wei6.xu@intel.com>
 <99ee6f53db1540ae5e47737e1e5b80c5433c3dea.1701355673.git.wei6.xu@intel.com>
In-Reply-To: <99ee6f53db1540ae5e47737e1e5b80c5433c3dea.1701355673.git.wei6.xu@intel.com>
Accept-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-ms-publictraffictype: Email
x-ms-traffictypediagnostic: PH0PR11MB5832:EE_|DS7PR11MB6248:EE_
x-ms-office365-filtering-correlation-id: eb5d06f5-7faa-48b7-ef97-08dbf1fa1dcb
x-ld-processed: 46c98d88-e344-4ed4-8496-4ed7712e255d,ExtAddr
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam-message-info: LO6sOMf+BuGZgJRpmvl/NFX0khvEVuW1Grze1hzCwaeSH3EzkI35RrMNg9Y6te/QUHlFKOCqdFOR8zwL+4O3953bxtWK6KubaaE+GWxJw/A0V9m/FUssQ3FvPaP3L02SUHaLfEr12IK97DwlZyXHFY5TeF4TUwQEWU8nXE3G+txjmSe4YCCDAD2x2mQV2nT9RRz42ff5lo1jcRAamEftzqQUZuh5Pck2Z/9SLWu9QgZsrCnTcgVZsFIBUOxZatPbG2bjMFGW+4OCbWswW6P+LDLnoYNXMAF1K7UuvRT9Rt4ly4g96kWxY3O4XQ+rkyfzm/ImPHocATRnnBhF3Nmzop7l1lrtweiXrapBXbfaKu83fiM7iNUerH52epOTQx8w3JwkcceYwjNhRYnJqvxn1XHmccrgOa08lk5N/muV8b7AMphNVjgmxwS0QDkvLV5Jp8wRVgN7FbelLsgEGX73KlTjXxtB4Ect471Gzqes5uugitTdSu9c9OM4yP9lO8Uo/lZeXeL8CnBAbWpIik4npv9VDYHYauotZQhsUFhSITy4JrDpKeTiyzjK5j/yWeIEpdkCKtczblNM/JlyMey1p3ZoFZahVAjVRS9NR2O25ctmIkuCFo1MAvWc2j76o5SA
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: =?us-ascii?Q?bFXYUNDb5kzcP0lx7cE7qEOTqUM8nJPcI+G+KJpJoIMqHEA2dGDqh9/a6KHm?=
 =?us-ascii?Q?yjYSc8K0jC9fzOArdiOXkccNFFwclLBHaToipchfahERhhutP3bcWepuk8Uf?=
 =?us-ascii?Q?5XHpAC4U7l6EeElhxIvKFX4jQSfKKpfK+9v7zZFxjK25tYQO4TqYDURGwvnE?=
 =?us-ascii?Q?wR7ohEn88m+Ip22adRc3MdZ8P7/n5Xl+UQSgFywEB6IXDJ8doviM7oIrxzz9?=
 =?us-ascii?Q?7qFShdlp6PNv1xO3fQrmwwdEMRKpTJvd2qiaeJkj/pbfelt/JZSnJGjz7op0?=
 =?us-ascii?Q?pLy5AOPYhTk9rmOmxUGYjb8e9wo1FwFj8H9OfsqktQewQ4Wl6rw1U2tInziH?=
 =?us-ascii?Q?NvoOqE2d29m1gYCnGrNP8LXFfuhc5NMvSWscixK4icnrk0sxz4IFXBbut6vr?=
 =?us-ascii?Q?HxfYwYTZ/+F1ABTSN4kD8gNaRZI6hxwXE8DoSCwh5YBENe8IA2MX0sMzMxb/?=
 =?us-ascii?Q?9xTDdo6Om3WIUqnP+9SiYNLRwehU7JniIb3kkLrShOmD82ZprcejsvHyEQ/j?=
 =?us-ascii?Q?nnN/izNc19EyvqSJfC+NDjX+NS4/YTfyHWqgmQA/vf2vlTRr6C3LLj3w2lsZ?=
 =?us-ascii?Q?kx8nyXFda0MOrlAVqNB5Xr1kVVHGf2dQ5f+1WFz/hTaangMwk/tqHHBb0rm3?=
 =?us-ascii?Q?2+YV3sw3WjgGmivALQfR8aVvxcjluG9yYYQYZL3SVrxV81bXJZ/Jnq1uPs/D?=
 =?us-ascii?Q?BG5lrDPAZQiqhjXZPs8iruhgetE90Rx9jxzcheg1FslJhxEWo+lzgZ1s9HZT?=
 =?us-ascii?Q?as9duEuFZcCVJXQRR9ZxYCJ78DV+uclHGDqBQcfHXiwoTeC4tp9Lv9wFBub9?=
 =?us-ascii?Q?/IRXPO2OydEt19Ot9K8dyAM+JvEbRyIchQhSAB6kW9XcI2cSsQUPkp+rPl8L?=
 =?us-ascii?Q?IK8/cFqzOib/fqhUzOYO1pLVPBMne7SIf8gShTwlw/2BP9pXHgevM8aZT5xW?=
 =?us-ascii?Q?TPdKj2RNGVysVHj1J8zbzoZPBYVfVV/njMkjfstwX3w1WDfj1paFQgRA03hm?=
 =?us-ascii?Q?UGSteoJIzQWSDnPBQseIB6QmozY4WGVQRHws5fI6mI6BYw6UBUnAUFugUkp5?=
 =?us-ascii?Q?UMDQf5jwcsQFBIg+yHjHsqK8POem3MA/hoH1ohOrEvCfZX0mW9d5CyU2z57b?=
 =?us-ascii?Q?/rBuvwRTNDDbXe4lepXr/79SoPISpSaMUEWIIYL1kP9ETpAL8UC97KOCME9k?=
 =?us-ascii?Q?DHlQpE6vXAmdb5aOlIzf0d56XaqrEYrbZvdsJfJ+Bg1EJIb+8FMqcBtiq+KW?=
 =?us-ascii?Q?ylfw6pH711TefbaUgRCbMS1CxYqYmtgyEZqKwc+W+jNsP6SAubIlxGFUJfiJ?=
 =?us-ascii?Q?IwQSkjcM7oY/e8S3BLxjOF7axqH3Y/iAXoDZU7geWhLSIMRq3kFxmpLp5CSL?=
 =?us-ascii?Q?XC9WHVdAEvs/TAYHkHc5VZHgBgtlX7n0q1LdT93BBBFIypSuCdK1EM6IgvdA?=
 =?us-ascii?Q?KyUs+vmNeaWBhfeCopCgqEALKogUV71RQjl7u1ku8Bm2HVW73TrpDbUtcAli?=
 =?us-ascii?Q?Ok+OqIKthKPwK8vIbCnwcjjdJElWQVTJb+LbjrnhFezmrevx8NWPkqpsNgSp?=
 =?us-ascii?Q?+gtmArjD5yPqwscDCT2nzCuTnVdwgJfMzuW4EtTReE3cc05pgCNn0Ro3Q0Up?=
 =?us-ascii?Q?cQ=3D=3D?=
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: PH0PR11MB5832.namprd11.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: eb5d06f5-7faa-48b7-ef97-08dbf1fa1dcb
X-MS-Exchange-CrossTenant-originalarrivaltime: 30 Nov 2023 23:14:34.6961
 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 46c98d88-e344-4ed4-8496-4ed7712e255d
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: p7pslJLDbUIyrk9FbbAbzY0wm6RvH2BjM5s9k4JY/tSB5ivIG3fHAzWt66juPG9lEW7uDw91/7JwfLRoC9oDLlHFE8C+BqGs0JaWQqBVujo=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DS7PR11MB6248
X-OriginatorOrg: intel.com
Precedence: Bulk
List-Subscribe: <mailto:devel+subscribe@edk2.groups.io>
List-Help: <mailto:devel+help@edk2.groups.io>
Sender: devel@edk2.groups.io
List-Id: <devel.edk2.groups.io>
Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io
Reply-To: devel@edk2.groups.io,nathaniel.l.desimone@intel.com
List-Unsubscribe-Post: List-Unsubscribe=One-Click
List-Unsubscribe: <https://edk2.groups.io/g/devel/leave/12367111/7686176/1913456212/plugh>
X-Gm-Message-State: Sg0xEHqeUasOVP5lCmTRAZk8x7686176AA=
Content-Language: en-US
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
X-GND-Status: LEGIT
Authentication-Results: spool.mail.gandi.net;
	dkim=pass header.d=groups.io header.s=20140610 header.b=jBs6Q7Rm;
	dmarc=fail reason="SPF not aligned (relaxed), DKIM not aligned (relaxed)" header.from=intel.com (policy=none);
	spf=pass (spool.mail.gandi.net: domain of bounce@groups.io designates 66.175.222.108 as permitted sender) smtp.mailfrom=bounce@groups.io;
	arc=reject ("signature check failed: fail, {[1] = sig:microsoft.com:reject}")

Pushed as bd1c9ed

-----Original Message-----
From: Xu, Wei6 <wei6.xu@intel.com>=20
Sent: Thursday, November 30, 2023 7:07 AM
To: devel@edk2.groups.io
Cc: Xu, Wei6 <wei6.xu@intel.com>; Bi, Dandan <dandan.bi@intel.com>; Desimon=
e, Nathaniel L <nathaniel.l.desimone@intel.com>; Gao, Liming <gaoliming@byo=
soft.com.cn>
Subject: [PATCH v2 edk2-platforms 1/1] UserAuthFeaturePkg/UserAuthenticatio=
nSmm: Support Standalone MM.

Refactor UserAuthenticationSmm to support Standalone MM.
- Factor out variable lock code logic that references boot services.
- UserAuthenticationStandaloneMmDxe is added to lock the variables.
  It is only used for UserAuthenticationStandaloneMm.
- UserAuthenticationStandaloneMm doesn't lock the variables, needs to
  rely on UserAuthenticationStandaloneMmDxe to do the lock.
- UserAuthenticationSmm still locks the variables by itself, no need
  to include UserAuthenticationStandaloneMmDxe.
- Register gEfiEventExitBootServicesGuid notify which is used by the
  StandaloneMmCore.

Since gEdkiiVariableLockProtocolGuid is a deprecated interface, use gEdkiiV=
ariablePolicyProtocolGuid to lock password variables instead.

Cc: Dandan Bi <dandan.bi@intel.com>
Cc: Nate DeSimone <nathaniel.l.desimone@intel.com>
Cc: Liming Gao <gaoliming@byosoft.com.cn>
Signed-off-by: Wei6 Xu <wei6.xu@intel.com>
---
 .../Include/UserAuthFeature.dsc               |  4 +-
 .../UserAuthenticationSmm.c                   | 40 ++++-----
 .../UserAuthenticationSmm.h                   | 28 ++++---
 .../UserAuthenticationSmm.inf                 | 13 +--
 .../UserAuthenticationStandaloneMm.c          | 43 ++++++++++
 .../UserAuthenticationStandaloneMm.inf        | 58 +++++++++++++
 .../UserAuthenticationStandaloneMmDxe.c       | 31 +++++++
 .../UserAuthenticationStandaloneMmDxe.inf     | 42 ++++++++++
 .../UserAuthenticationTraditionalMm.c         | 28 +++++++
 .../UserAuthenticationVariable.h              | 36 ++++++++
 .../UserAuthenticationVariableLock.c          | 84 +++++++++++++++++++
 11 files changed, 363 insertions(+), 44 deletions(-)  create mode 100644 F=
eatures/Intel/UserInterface/UserAuthFeaturePkg/UserAuthenticationDxeSmm/Use=
rAuthenticationStandaloneMm.c
 create mode 100644 Features/Intel/UserInterface/UserAuthFeaturePkg/UserAut=
henticationDxeSmm/UserAuthenticationStandaloneMm.inf
 create mode 100644 Features/Intel/UserInterface/UserAuthFeaturePkg/UserAut=
henticationDxeSmm/UserAuthenticationStandaloneMmDxe.c
 create mode 100644 Features/Intel/UserInterface/UserAuthFeaturePkg/UserAut=
henticationDxeSmm/UserAuthenticationStandaloneMmDxe.inf
 create mode 100644 Features/Intel/UserInterface/UserAuthFeaturePkg/UserAut=
henticationDxeSmm/UserAuthenticationTraditionalMm.c
 create mode 100644 Features/Intel/UserInterface/UserAuthFeaturePkg/UserAut=
henticationDxeSmm/UserAuthenticationVariable.h
 create mode 100644 Features/Intel/UserInterface/UserAuthFeaturePkg/UserAut=
henticationDxeSmm/UserAuthenticationVariableLock.c

diff --git a/Features/Intel/UserInterface/UserAuthFeaturePkg/Include/UserAu=
thFeature.dsc b/Features/Intel/UserInterface/UserAuthFeaturePkg/Include/Use=
rAuthFeature.dsc
index 2f39a5580caf..1541dc3f80f3 100644
--- a/Features/Intel/UserInterface/UserAuthFeaturePkg/Include/UserAuthFeatu=
re.dsc
+++ b/Features/Intel/UserInterface/UserAuthFeaturePkg/Include/UserAuthFe
+++ ature.dsc
@@ -6,7 +6,7 @@
 # INF files to generate AutoGen.c and AutoGen.h files  # for the build inf=
rastructure.
 #
-# Copyright (c) 2020 - 2021, Intel Corporation. All rights reserved.<BR>
+# Copyright (c) 2020 - 2023, Intel Corporation. All rights=20
+reserved.<BR>
 #
 # SPDX-License-Identifier: BSD-2-Clause-Patent  # @@ -75,3 +75,5 @@
   UserAuthFeaturePkg/UserAuthenticationDxeSmm/UserAuthenticationDxe.inf
   UserAuthFeaturePkg/UserAuthenticationDxeSmm/UserAuthentication2Dxe.inf
   UserAuthFeaturePkg/UserAuthenticationDxeSmm/UserAuthenticationSmm.inf
+ =20
+ UserAuthFeaturePkg/UserAuthenticationDxeSmm/UserAuthenticationStandalo
+ neMm.inf =20
+ UserAuthFeaturePkg/UserAuthenticationDxeSmm/UserAuthenticationStandalo
+ neMmDxe.inf
diff --git a/Features/Intel/UserInterface/UserAuthFeaturePkg/UserAuthentica=
tionDxeSmm/UserAuthenticationSmm.c b/Features/Intel/UserInterface/UserAuthF=
eaturePkg/UserAuthenticationDxeSmm/UserAuthenticationSmm.c
index 16e3405a82ef..98f40c1812c1 100644
--- a/Features/Intel/UserInterface/UserAuthFeaturePkg/UserAuthenticationDxe=
Smm/UserAuthenticationSmm.c
+++ b/Features/Intel/UserInterface/UserAuthFeaturePkg/UserAuthentication
+++ DxeSmm/UserAuthenticationSmm.c
@@ -1,6 +1,6 @@
 /** @file
=20
-  Copyright (c) 2019 - 2021, Intel Corporation. All rights reserved.<BR>
+  Copyright (c) 2019 - 2023, Intel Corporation. All rights=20
+ reserved.<BR>
   SPDX-License-Identifier: BSD-2-Clause-Patent
=20
 **/
@@ -642,7 +642,7 @@ UaExitBootServices (  {
   DEBUG ((DEBUG_INFO, "Unregister User Authentication Smi\n"));
=20
-  gSmst->SmiHandlerUnRegister(mSmmHandle);
+  gMmst->MmiHandlerUnRegister(mSmmHandle);
=20
   return EFI_SUCCESS;
 }
@@ -657,54 +657,44 @@ UaExitBootServices (
=20
 **/
 EFI_STATUS
-EFIAPI
 PasswordSmmInit (
-  IN EFI_HANDLE                         ImageHandle,
-  IN EFI_SYSTEM_TABLE                   *SystemTable
+  VOID
   )
 {
   EFI_STATUS                            Status;
-  EDKII_VARIABLE_LOCK_PROTOCOL          *VariableLock;
-  CHAR16                                PasswordHistoryName[sizeof(USER_AU=
THENTICATION_VAR_NAME)/sizeof(CHAR16) + 5];
-  UINTN                                 Index;
   EFI_EVENT                             ExitBootServicesEvent;
   EFI_EVENT                             LegacyBootEvent;
+  EFI_EVENT                             SmmExitBootServicesEvent;
=20
   ASSERT (PASSWORD_HASH_SIZE =3D=3D SHA256_DIGEST_SIZE);
   ASSERT (PASSWORD_HISTORY_CHECK_COUNT < 0xFFFF);
=20
-  Status =3D gSmst->SmmLocateProtocol (&gEfiSmmVariableProtocolGuid, NULL,=
 (VOID**)&mSmmVariable);
+  Status =3D gMmst->MmLocateProtocol (&gEfiSmmVariableProtocolGuid, NULL,=
=20
+ (VOID**)&mSmmVariable);
   ASSERT_EFI_ERROR (Status);
=20
   //
   // Make password variables read-only for DXE driver for security concern=
.
   //
-  Status =3D gBS->LocateProtocol (&gEdkiiVariableLockProtocolGuid, NULL, (=
VOID **) &VariableLock);
-  if (!EFI_ERROR (Status)) {
-    Status =3D VariableLock->RequestToLock (VariableLock, USER_AUTHENTICAT=
ION_VAR_NAME, &gUserAuthenticationGuid);
-    ASSERT_EFI_ERROR (Status);
-
-    for (Index =3D 1; Index <=3D PASSWORD_HISTORY_CHECK_COUNT; Index++) {
-      UnicodeSPrint (PasswordHistoryName, sizeof (PasswordHistoryName), L"=
%s%04x", USER_AUTHENTICATION_VAR_NAME, Index);
-      Status =3D VariableLock->RequestToLock (VariableLock, PasswordHistor=
yName, &gUserAuthenticationGuid);
-      ASSERT_EFI_ERROR (Status);
-    }
-    Status =3D VariableLock->RequestToLock (VariableLock, USER_AUTHENTICAT=
ION_HISTORY_LAST_VAR_NAME, &gUserAuthenticationGuid);
-    ASSERT_EFI_ERROR (Status);
+  Status =3D LockPasswordVariable ();
+  ASSERT_EFI_ERROR (Status);
+  if (EFI_ERROR (Status)) {
+    return Status;
   }
=20
-  Status =3D gSmst->SmiHandlerRegister (SmmPasswordHandler, &gUserAuthenti=
cationGuid, &mSmmHandle);
+  Status =3D gMmst->MmiHandlerRegister (SmmPasswordHandler,=20
+ &gUserAuthenticationGuid, &mSmmHandle);
   ASSERT_EFI_ERROR (Status);
   if (EFI_ERROR (Status)) {
     return Status;
   }
=20
   //
-  // Register for SmmExitBootServices and SmmLegacyBoot notification.
+  // Register for SmmExitBootServices, SmmLegacyBoot and EventExitBootServ=
ices notification.
   //
-  Status =3D gSmst->SmmRegisterProtocolNotify (&gEdkiiSmmExitBootServicesP=
rotocolGuid, UaExitBootServices, &ExitBootServicesEvent);
+  Status =3D gMmst->MmRegisterProtocolNotify=20
+ (&gEdkiiSmmExitBootServicesProtocolGuid, UaExitBootServices,=20
+ &SmmExitBootServicesEvent);  ASSERT_EFI_ERROR (Status);  Status =3D=20
+ gMmst->MmRegisterProtocolNotify (&gEdkiiSmmLegacyBootProtocolGuid,=20
+ UaExitBootServices, &LegacyBootEvent);
   ASSERT_EFI_ERROR (Status);
-  Status =3D gSmst->SmmRegisterProtocolNotify (&gEdkiiSmmLegacyBootProtoco=
lGuid, UaExitBootServices, &LegacyBootEvent);
+  Status =3D gMmst->MmRegisterProtocolNotify=20
+ (&gEfiEventExitBootServicesGuid, UaExitBootServices,=20
+ &ExitBootServicesEvent);
   ASSERT_EFI_ERROR (Status);
=20
   if (IsPasswordCleared()) {
diff --git a/Features/Intel/UserInterface/UserAuthFeaturePkg/UserAuthentica=
tionDxeSmm/UserAuthenticationSmm.h b/Features/Intel/UserInterface/UserAuthF=
eaturePkg/UserAuthenticationDxeSmm/UserAuthenticationSmm.h
index 47bb95529fa7..84d06f9422ee 100644
--- a/Features/Intel/UserInterface/UserAuthFeaturePkg/UserAuthenticationDxe=
Smm/UserAuthenticationSmm.h
+++ b/Features/Intel/UserInterface/UserAuthFeaturePkg/UserAuthentication
+++ DxeSmm/UserAuthenticationSmm.h
@@ -1,7 +1,7 @@
 /** @file
   Header file for UserAuthenticationSmm.
=20
-  Copyright (c) 2019, Intel Corporation. All rights reserved.<BR>
+  Copyright (c) 2019 - 2023, Intel Corporation. All rights=20
+ reserved.<BR>
   SPDX-License-Identifier: BSD-2-Clause-Patent
=20
 **/
@@ -9,7 +9,7 @@
 #ifndef __USER_AUTHENTICATION_SMM_H__
 #define __USER_AUTHENTICATION_SMM_H__
=20
-#include <PiSmm.h>
+#include <PiMm.h>
=20
 #include <Protocol/SmmVariable.h>
 #include <Protocol/VariableLock.h>
@@ -21,26 +21,17 @@
 #include <Library/BaseMemoryLib.h>
 #include <Library/PrintLib.h>
 #include <Library/UefiBootServicesTableLib.h>
-#include <Library/SmmServicesTableLib.h>
+#include <Library/MmServicesTableLib.h>
 #include <Library/MemoryAllocationLib.h> -#include <Library/SmmServicesTab=
leLib.h>  #include <Library/BaseCryptLib.h>  #include <Library/PlatformPass=
wordLib.h>
=20
 #include "KeyService.h"
+#include "UserAuthenticationVariable.h"
=20
 #define PASSWORD_SALT_SIZE   32
 #define PASSWORD_HASH_SIZE   32 // SHA256_DIGEST_SIZE
=20
-#define PASSWORD_MAX_TRY_COUNT  3
-#define PASSWORD_HISTORY_CHECK_COUNT  5
-
-//
-// Name of the variable
-//
-#define USER_AUTHENTICATION_VAR_NAME L"Password"
-#define USER_AUTHENTICATION_HISTORY_LAST_VAR_NAME L"PasswordLast"
-
 //
 // Variable storage
 //
@@ -49,4 +40,15 @@ typedef struct {
   UINT8        PasswordSalt[PASSWORD_SALT_SIZE];
 } USER_PASSWORD_VAR_STRUCT;
=20
+/**
+  Password Smm Init.
+
+  @retval EFI_SUCESS  This function always complete successfully.
+
+**/
+EFI_STATUS
+PasswordSmmInit (
+  VOID
+  );
+
 #endif
diff --git a/Features/Intel/UserInterface/UserAuthFeaturePkg/UserAuthentica=
tionDxeSmm/UserAuthenticationSmm.inf b/Features/Intel/UserInterface/UserAut=
hFeaturePkg/UserAuthenticationDxeSmm/UserAuthenticationSmm.inf
index b53f70f0e319..ad5a05bac8e6 100644
--- a/Features/Intel/UserInterface/UserAuthFeaturePkg/UserAuthenticationDxe=
Smm/UserAuthenticationSmm.inf
+++ b/Features/Intel/UserInterface/UserAuthFeaturePkg/UserAuthentication
+++ DxeSmm/UserAuthenticationSmm.inf
@@ -3,7 +3,7 @@
 #
 #  This driver provides SMM services for DXE user authentication module.
 #
-# Copyright (c) 2019 - 2021, Intel Corporation. All rights reserved.<BR>
+# Copyright (c) 2019 - 2023, Intel Corporation. All rights=20
+reserved.<BR>
 # SPDX-License-Identifier: BSD-2-Clause-Patent  #  ## @@ -15,13 +15,15 @@
   MODULE_TYPE                    =3D DXE_SMM_DRIVER
   VERSION_STRING                 =3D 1.0
   PI_SPECIFICATION_VERSION       =3D 0x0001000A
-  ENTRY_POINT                    =3D PasswordSmmInit
+  ENTRY_POINT                    =3D UserAuthenticationMmEntry
=20
 [Sources]
   UserAuthenticationSmm.c
+  UserAuthenticationTraditionalMm.c
   UserAuthenticationSmm.h
   KeyService.c
   KeyService.h
+  UserAuthenticationVariableLock.c
=20
 [Packages]
   MdePkg/MdePkg.dec
@@ -36,17 +38,18 @@
   BaseLib
   BaseMemoryLib
   PrintLib
-  SmmServicesTableLib
+  MmServicesTableLib
   MemoryAllocationLib
-  UefiLib
   BaseCryptLib
   PlatformPasswordLib
+  VariablePolicyHelperLib
=20
 [Guids]
   gUserAuthenticationGuid                       ## CONSUMES  ## GUID
+  gEfiEventExitBootServicesGuid                 ## CONSUMES  ## Event
=20
 [Protocols]
-  gEdkiiVariableLockProtocolGuid                ## CONSUMES
+  gEdkiiVariablePolicyProtocolGuid              ## CONSUMES
   gEfiSmmVariableProtocolGuid                   ## CONSUMES
   gEdkiiSmmExitBootServicesProtocolGuid         ## CONSUMES
   gEdkiiSmmLegacyBootProtocolGuid               ## CONSUMES
diff --git a/Features/Intel/UserInterface/UserAuthFeaturePkg/UserAuthentica=
tionDxeSmm/UserAuthenticationStandaloneMm.c b/Features/Intel/UserInterface/=
UserAuthFeaturePkg/UserAuthenticationDxeSmm/UserAuthenticationStandaloneMm.=
c
new file mode 100644
index 000000000000..c5fc220a7c12
--- /dev/null
+++ b/Features/Intel/UserInterface/UserAuthFeaturePkg/UserAuthentication
+++ DxeSmm/UserAuthenticationStandaloneMm.c
@@ -0,0 +1,43 @@
+/** @file
+  Entry point of UserAuthenticationStandaloneMm.
+
+  Copyright (c) 2023, Intel Corporation. All rights reserved.<BR>
+  SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#include "UserAuthenticationSmm.h"
+
+/**
+  NULL implement for Lock password variables.
+  Relies on UserAuthenticationStandaloneMmDxe to lock the password variabl=
es.
+
+  @retval EFI_SUCCESS  Always return success.
+
+**/
+EFI_STATUS
+LockPasswordVariable (
+  VOID
+  )
+{
+  return EFI_SUCCESS;
+}
+
+/**
+  Main entry for this driver.
+
+  @param ImageHandle     Image handle this driver.
+  @param SystemTable     Pointer to SystemTable.
+
+  @retval EFI_SUCESS     This function always complete successfully.
+
+**/
+EFI_STATUS
+EFIAPI
+UserAuthenticationMmEntry (
+  IN EFI_HANDLE           ImageHandle,
+  IN EFI_MM_SYSTEM_TABLE  *SystemTable
+  )
+{
+  return PasswordSmmInit ();
+}
diff --git a/Features/Intel/UserInterface/UserAuthFeaturePkg/UserAuthentica=
tionDxeSmm/UserAuthenticationStandaloneMm.inf b/Features/Intel/UserInterfac=
e/UserAuthFeaturePkg/UserAuthenticationDxeSmm/UserAuthenticationStandaloneM=
m.inf
new file mode 100644
index 000000000000..ebf92bc7acf2
--- /dev/null
+++ b/Features/Intel/UserInterface/UserAuthFeaturePkg/UserAuthentication
+++ DxeSmm/UserAuthenticationStandaloneMm.inf
@@ -0,0 +1,58 @@
+## @file
+#  User Authentication Standalone Mm Driver.
+#
+#  This driver provides SMM services for DXE user authentication module.
+#  This Standalone Mm driver lacks of the ability to lock the password=20
+#  variables. Need to rely on UserAuthenticationStandaloneMmDxe to lock=20
+#  the variables.
+#
+# Copyright (c) 2023, Intel Corporation. All rights reserved.<BR> #=20
+SPDX-License-Identifier: BSD-2-Clause-Patent # ##
+
+[Defines]
+  INF_VERSION                    =3D 0x00010005
+  BASE_NAME                      =3D UserAuthenticationStandaloneMm
+  FILE_GUID                      =3D 80130611-a67a-4631-becb-87ce22d6f165
+  MODULE_TYPE                    =3D MM_STANDALONE
+  VERSION_STRING                 =3D 1.0
+  PI_SPECIFICATION_VERSION       =3D 0x00010032
+  ENTRY_POINT                    =3D UserAuthenticationMmEntry
+
+[Sources]
+  UserAuthenticationSmm.c
+  UserAuthenticationStandaloneMm.c
+  UserAuthenticationSmm.h
+  KeyService.c
+  KeyService.h
+
+[Packages]
+  MdePkg/MdePkg.dec
+  MdeModulePkg/MdeModulePkg.dec
+  CryptoPkg/CryptoPkg.dec
+  UserAuthFeaturePkg/UserAuthFeaturePkg.dec
+
+[LibraryClasses]
+  StandaloneMmDriverEntryPoint
+  DebugLib
+  BaseLib
+  BaseMemoryLib
+  PrintLib
+  MmServicesTableLib
+  MemoryAllocationLib
+  BaseCryptLib
+  PlatformPasswordLib
+
+[Guids]
+  gUserAuthenticationGuid                       ## CONSUMES  ## GUID
+  gEfiEventExitBootServicesGuid                 ## CONSUMES  ## Event
+
+[Protocols]
+  gEdkiiVariableLockProtocolGuid                ## CONSUMES
+  gEfiSmmVariableProtocolGuid                   ## CONSUMES
+  gEdkiiSmmExitBootServicesProtocolGuid         ## CONSUMES
+  gEdkiiSmmLegacyBootProtocolGuid               ## CONSUMES
+
+[Depex]
+  gEfiSmmVariableProtocolGuid
diff --git a/Features/Intel/UserInterface/UserAuthFeaturePkg/UserAuthentica=
tionDxeSmm/UserAuthenticationStandaloneMmDxe.c b/Features/Intel/UserInterfa=
ce/UserAuthFeaturePkg/UserAuthenticationDxeSmm/UserAuthenticationStandalone=
MmDxe.c
new file mode 100644
index 000000000000..c2abc9e28bb3
--- /dev/null
+++ b/Features/Intel/UserInterface/UserAuthFeaturePkg/UserAuthentication
+++ DxeSmm/UserAuthenticationStandaloneMmDxe.c
@@ -0,0 +1,31 @@
+/** @file
+  This Driver mainly locks password variables.
+
+  Copyright (c) 2023, Intel Corporation. All rights reserved.<BR>
+  SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#include <PiDxe.h>
+
+#include "UserAuthenticationVariable.h"
+
+/**
+  User Authentication Standalone Mm Dxe driver entry point.
+
+  @param[in] ImageHandle  The image handle.
+  @param[in] SystemTable  The system table.
+
+  @retval EFI_SUCCESS    The entry point is executed successfully.
+  @return  other         Contain some other errors.
+
+**/
+EFI_STATUS
+EFIAPI
+UserAuthenticationStandaloneMmDxeEntry (
+  IN EFI_HANDLE        ImageHandle,
+  IN EFI_SYSTEM_TABLE  *SystemTable
+  )
+{
+  return LockPasswordVariable ();
+}
diff --git a/Features/Intel/UserInterface/UserAuthFeaturePkg/UserAuthentica=
tionDxeSmm/UserAuthenticationStandaloneMmDxe.inf b/Features/Intel/UserInter=
face/UserAuthFeaturePkg/UserAuthenticationDxeSmm/UserAuthenticationStandalo=
neMmDxe.inf
new file mode 100644
index 000000000000..beb28b461295
--- /dev/null
+++ b/Features/Intel/UserInterface/UserAuthFeaturePkg/UserAuthentication
+++ DxeSmm/UserAuthenticationStandaloneMmDxe.inf
@@ -0,0 +1,42 @@
+## @file
+#  User Authentication Standalone MM Dxe Driver.
+#
+#  This Driver mainly locks the password variable.
+#
+# Copyright (c) 2023, Intel Corporation. All rights reserved.<BR> #=20
+SPDX-License-Identifier: BSD-2-Clause-Patent # ##
+
+[Defines]
+  INF_VERSION                    =3D 0x00010005
+  BASE_NAME                      =3D UserAuthenticationStandaloneMmDxe
+  FILE_GUID                      =3D 08fc98fb-1cec-45c6-ad02-542096191054
+  MODULE_TYPE                    =3D DXE_DRIVER
+  VERSION_STRING                 =3D 1.0
+  ENTRY_POINT                    =3D UserAuthenticationStandaloneMmDxeEntr=
y
+
+[Sources]
+  UserAuthenticationStandaloneMmDxe.c
+  UserAuthenticationVariableLock.c
+
+[Packages]
+  MdePkg/MdePkg.dec
+  MdeModulePkg/MdeModulePkg.dec
+  UserAuthFeaturePkg/UserAuthFeaturePkg.dec
+
+[LibraryClasses]
+  UefiBootServicesTableLib
+  UefiDriverEntryPoint
+  DebugLib
+  PrintLib
+  VariablePolicyHelperLib
+
+[Guids]
+  gUserAuthenticationGuid                       ## CONSUMES  ## GUID
+
+[Protocols]
+  gEdkiiVariablePolicyProtocolGuid              ## CONSUMES
+
+[Depex]
+  gEdkiiVariableLockProtocolGuid
diff --git a/Features/Intel/UserInterface/UserAuthFeaturePkg/UserAuthentica=
tionDxeSmm/UserAuthenticationTraditionalMm.c b/Features/Intel/UserInterface=
/UserAuthFeaturePkg/UserAuthenticationDxeSmm/UserAuthenticationTraditionalM=
m.c
new file mode 100644
index 000000000000..1514d78f1946
--- /dev/null
+++ b/Features/Intel/UserInterface/UserAuthFeaturePkg/UserAuthentication
+++ DxeSmm/UserAuthenticationTraditionalMm.c
@@ -0,0 +1,28 @@
+/** @file
+  Entry point of UserAuthenticationSmm.
+
+  Copyright (c) 2023, Intel Corporation. All rights reserved.<BR>
+  SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#include "UserAuthenticationSmm.h"
+
+/**
+  Main entry for this driver.
+
+  @param[in] ImageHandle  Image handle this driver.
+  @param[in] SystemTable  Pointer to SystemTable.
+
+  @retval EFI_SUCESS  This function always complete successfully.
+
+**/
+EFI_STATUS
+EFIAPI
+UserAuthenticationMmEntry (
+  IN EFI_HANDLE        ImageHandle,
+  IN EFI_SYSTEM_TABLE  *SystemTable
+  )
+{
+  return PasswordSmmInit ();
+}
diff --git a/Features/Intel/UserInterface/UserAuthFeaturePkg/UserAuthentica=
tionDxeSmm/UserAuthenticationVariable.h b/Features/Intel/UserInterface/User=
AuthFeaturePkg/UserAuthenticationDxeSmm/UserAuthenticationVariable.h
new file mode 100644
index 000000000000..3b249e06d848
--- /dev/null
+++ b/Features/Intel/UserInterface/UserAuthFeaturePkg/UserAuthentication
+++ DxeSmm/UserAuthenticationVariable.h
@@ -0,0 +1,36 @@
+/** @file
+  Header file for definition of User Authentication Variable.
+
+  Copyright (c) 2023, Intel Corporation. All rights reserved.<BR>
+  SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#ifndef USER_AUTHENTICATION_VARIABLE_H_ #define=20
+USER_AUTHENTICATION_VARIABLE_H_
+
+#define PASSWORD_MAX_TRY_COUNT        3
+#define PASSWORD_HISTORY_CHECK_COUNT  5
+
+//
+// Name of the variable
+//
+#define USER_AUTHENTICATION_VAR_NAME               L"Password"
+#define USER_AUTHENTICATION_HISTORY_LAST_VAR_NAME  L"PasswordLast"
+
+/**
+  Lock password variables for security concern.
+
+  @retval EFI_SUCCESS           Succeed to lock variable.
+  @retval EFI_NOT_FOUND         Variable Lock protocol is not found.
+  @retval EFI_ACCESS_DENIED     EFI_END_OF_DXE_EVENT_GROUP_GUID or EFI_EVE=
NT_GROUP_READY_TO_BOOT has
+                                already been signaled.
+  @retval EFI_OUT_OF_RESOURCES  There is not enough resource to hold the l=
ock request.
+
+**/
+EFI_STATUS
+LockPasswordVariable (
+  VOID
+  );
+
+#endif
diff --git a/Features/Intel/UserInterface/UserAuthFeaturePkg/UserAuthentica=
tionDxeSmm/UserAuthenticationVariableLock.c b/Features/Intel/UserInterface/=
UserAuthFeaturePkg/UserAuthenticationDxeSmm/UserAuthenticationVariableLock.=
c
new file mode 100644
index 000000000000..dd43991fe711
--- /dev/null
+++ b/Features/Intel/UserInterface/UserAuthFeaturePkg/UserAuthentication
+++ DxeSmm/UserAuthenticationVariableLock.c
@@ -0,0 +1,84 @@
+/** @file
+  Source code to lock password variables.
+
+  Copyright (c) 2023, Intel Corporation. All rights reserved.<BR>
+  SPDX-License-Identifier: BSD-2-Clause-Patent
+
+**/
+
+#include <PiDxe.h>
+
+#include <Protocol/VariablePolicy.h>
+
+#include <Library/PrintLib.h>
+#include <Library/DebugLib.h>
+#include <Library/VariablePolicyHelperLib.h>
+#include <Library/UefiBootServicesTableLib.h>
+
+#include <Guid/UserAuthentication.h>
+
+#include "UserAuthenticationVariable.h"
+
+/**
+  Lock password variables for security concern.
+
+  @retval EFI_SUCCESS           Succeed to lock variable.
+  @retval EFI_NOT_FOUND         Variable Lock protocol is not found.
+  @retval EFI_ACCESS_DENIED     EFI_END_OF_DXE_EVENT_GROUP_GUID or EFI_EVE=
NT_GROUP_READY_TO_BOOT has
+                                already been signaled.
+  @retval EFI_OUT_OF_RESOURCES  There is not enough resource to hold the l=
ock request.
+
+**/
+EFI_STATUS
+LockPasswordVariable (
+  VOID
+  )
+{
+  EFI_STATUS                      Status;
+  CHAR16                          PasswordHistoryName[sizeof (USER_AUTHENT=
ICATION_VAR_NAME)/sizeof (CHAR16) + 5];
+  UINTN                           Index;
+  EDKII_VARIABLE_POLICY_PROTOCOL  *VariablePolicy;
+
+  Status =3D gBS->LocateProtocol (&gEdkiiVariablePolicyProtocolGuid,=20
+ NULL, (VOID **)&VariablePolicy);  if (!EFI_ERROR (Status)) {
+    Status =3D RegisterBasicVariablePolicy (
+               VariablePolicy,
+               &gUserAuthenticationGuid,
+               USER_AUTHENTICATION_VAR_NAME,
+               VARIABLE_POLICY_NO_MIN_SIZE,
+               VARIABLE_POLICY_NO_MAX_SIZE,
+               VARIABLE_POLICY_NO_MUST_ATTR,
+               VARIABLE_POLICY_NO_CANT_ATTR,
+               VARIABLE_POLICY_TYPE_LOCK_NOW
+               );
+    ASSERT_EFI_ERROR (Status);
+    for (Index =3D 1; Index <=3D PASSWORD_HISTORY_CHECK_COUNT; Index++) {
+      UnicodeSPrint (PasswordHistoryName, sizeof (PasswordHistoryName), L"=
%s%04x", USER_AUTHENTICATION_VAR_NAME, Index);
+      Status =3D RegisterBasicVariablePolicy (
+                 VariablePolicy,
+                 &gUserAuthenticationGuid,
+                 PasswordHistoryName,
+                 VARIABLE_POLICY_NO_MIN_SIZE,
+                 VARIABLE_POLICY_NO_MAX_SIZE,
+                 VARIABLE_POLICY_NO_MUST_ATTR,
+                 VARIABLE_POLICY_NO_CANT_ATTR,
+                 VARIABLE_POLICY_TYPE_LOCK_NOW
+                 );
+      ASSERT_EFI_ERROR (Status);
+    }
+
+    Status =3D RegisterBasicVariablePolicy (
+               VariablePolicy,
+               &gUserAuthenticationGuid,
+               USER_AUTHENTICATION_HISTORY_LAST_VAR_NAME,
+               VARIABLE_POLICY_NO_MIN_SIZE,
+               VARIABLE_POLICY_NO_MAX_SIZE,
+               VARIABLE_POLICY_NO_MUST_ATTR,
+               VARIABLE_POLICY_NO_CANT_ATTR,
+               VARIABLE_POLICY_TYPE_LOCK_NOW
+               );
+    ASSERT_EFI_ERROR (Status);
+  }
+
+  return Status;
+}
--
2.29.2.windows.2



-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-
Groups.io Links: You receive all messages sent to this group.
View/Reply Online (#111920): https://edk2.groups.io/g/devel/message/111920
Mute This Topic: https://groups.io/mt/102895177/7686176
Group Owner: devel+owner@edk2.groups.io
Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io]
-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-