diff --git a/SecurityPkg/HddPassword/HddPasswordDxe.c b/SecurityPkg/HddPassword/HddPasswordDxe.c index 55dfb25886..6f36b5a0a2 100644 --- a/SecurityPkg/HddPassword/HddPasswordDxe.c +++ b/SecurityPkg/HddPassword/HddPasswordDxe.c @@ -9,6 +9,7 @@ **/ #include "HddPasswordDxe.h" +#include EFI_GUID mHddPasswordVendorGuid = HDD_PASSWORD_CONFIG_GUID; CHAR16 mHddPasswordVendorStorageName[] = L"HDD_PASSWORD_CONFIG"; @@ -2818,11 +2819,11 @@ HddPasswordDxeInit ( IN EFI_SYSTEM_TABLE *SystemTable ) { - EFI_STATUS Status; - HDD_PASSWORD_DXE_PRIVATE_DATA *Private; - VOID *Registration; - EFI_EVENT EndOfDxeEvent; - EDKII_VARIABLE_LOCK_PROTOCOL *VariableLock; + EFI_STATUS Status; + HDD_PASSWORD_DXE_PRIVATE_DATA *Private; + VOID *Registration; + EFI_EVENT EndOfDxeEvent; + EDKII_VARIABLE_POLICY_PROTOCOL *VariablePolicy; Private = NULL; @@ -2858,13 +2859,18 @@ HddPasswordDxeInit ( // // Make HDD_PASSWORD_VARIABLE_NAME variable read-only. // - Status = gBS->LocateProtocol (&gEdkiiVariableLockProtocolGuid, NULL, (VOID **)&VariableLock); + Status = gBS->LocateProtocol (&gEdkiiVariablePolicyProtocolGuid, NULL, (VOID **)&VariablePolicy); if (!EFI_ERROR (Status)) { - Status = VariableLock->RequestToLock ( - VariableLock, - HDD_PASSWORD_VARIABLE_NAME, - &mHddPasswordVendorGuid - ); + Status = RegisterBasicVariablePolicy ( + VariablePolicy, + &mHddPasswordVendorGuid, + HDD_PASSWORD_VARIABLE_NAME, + VARIABLE_POLICY_NO_MIN_SIZE, + VARIABLE_POLICY_NO_MAX_SIZE, + VARIABLE_POLICY_NO_MUST_ATTR, + VARIABLE_POLICY_NO_CANT_ATTR, + VARIABLE_POLICY_TYPE_LOCK_NOW + ); DEBUG ((DEBUG_INFO, "%a(): Lock %s variable (%r)\n", __func__, HDD_PASSWORD_VARIABLE_NAME, Status)); ASSERT_EFI_ERROR (Status); } diff --git a/SecurityPkg/HddPassword/HddPasswordDxe.h b/SecurityPkg/HddPassword/HddPasswordDxe.h index 231533e737..049a208794 100644 --- a/SecurityPkg/HddPassword/HddPasswordDxe.h +++ b/SecurityPkg/HddPassword/HddPasswordDxe.h @@ -17,7 +17,6 @@ #include #include #include -#include #include #include 
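Review bot: The lock on HDD_PASSWORD_VARIABLE_NAME still fails open in the third hunk of HddPasswordDxe.c: when `LocateProtocol` for `gEdkiiVariablePolicyProtocolGuid` fails, the `if (!EFI_ERROR (Status))` block is skipped with no log, and a failing `RegisterBasicVariablePolicy` is caught only by `ASSERT_EFI_ERROR`, which does nothing in builds where asserts are disabled. Since this policy is what makes the variable read-only, I would add an `else` branch that reports the miss, e.g. `DEBUG ((DEBUG_ERROR, "%a(): VariablePolicy protocol not found (%r)\n", __func__, Status));`, and log the registration result at `DEBUG_ERROR` when `EFI_ERROR (Status)` is true instead of always at `DEBUG_INFO`. Whether the driver should also refuse to continue without the lock depends on the rest of HddPasswordDxeInit, which starts and ends outside this hunk. A comment above the call noting that `VARIABLE_POLICY_TYPE_LOCK_NOW` is only enforced while variable policy enforcement is enabled on the platform would also help the next reader.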
diff --git a/SecurityPkg/HddPassword/HddPasswordDxe.inf b/SecurityPkg/HddPassword/HddPasswordDxe.inf index 06e8755ffc..2c0ebbcc78 100644 --- a/SecurityPkg/HddPassword/HddPasswordDxe.inf +++ b/SecurityPkg/HddPassword/HddPasswordDxe.inf @@ -50,6 +50,7 @@ PrintLib UefiLib LockBoxLib + VariablePolicyHelperLib S3BootScriptLib PciLib BaseCryptLib @@ -63,7 +64,7 @@ gEfiHiiConfigAccessProtocolGuid ## PRODUCES gEfiAtaPassThruProtocolGuid ## CONSUMES gEfiPciIoProtocolGuid ## CONSUMES - gEdkiiVariableLockProtocolGuid ## CONSUMES + gEdkiiVariablePolicyProtocolGuid ## CONSUMES [Pcd] gEfiSecurityPkgTokenSpaceGuid.PcdSkipHddPasswordPrompt ## CONSUMES diff --git a/SecurityPkg/SecurityPkg.dsc b/SecurityPkg/SecurityPkg.dsc index 3bad5375c0..3c62205162 100644 --- a/SecurityPkg/SecurityPkg.dsc +++ b/SecurityPkg/SecurityPkg.dsc @@ -74,6 +74,7 @@ PlatformPKProtectionLib|SecurityPkg/Library/PlatformPKProtectionLibVarPolicy/PlatformPKProtectionLibVarPolicy.inf SecureBootVariableProvisionLib|SecurityPkg/Library/SecureBootVariableProvisionLib/SecureBootVariableProvisionLib.inf TdxLib|MdePkg/Library/TdxLib/TdxLib.inf + VariablePolicyHelperLib|MdeModulePkg/Library/VariablePolicyHelperLib/VariablePolicyHelperLib.inf [LibraryClasses.ARM, LibraryClasses.AARCH64] #
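Review bot: The `gEdkiiVariablePolicyProtocolGuid ## CONSUMES` entry in HddPasswordDxe.inf does not by itself order this driver after the producer of the protocol, while the entry point in HddPasswordDxe.c looks the protocol up once with `LocateProtocol` and skips the lock when it is absent. The `[Depex]` section is outside this hunk, so it is not visible whether it already guarantees availability; if it does not, adding `gEdkiiVariablePolicyProtocolGuid` to `[Depex]` would keep the read-only lock from depending on dispatch order.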