2 files changed, 12 insertions, 0 deletions

diff --git a/MdeModulePkg/Universal/Variable/RuntimeDxe/TcgMorLockSmm.c b/MdeModulePkg/Universal/Variable/RuntimeDxe/TcgMorLockSmm.c
index 6d80eb6434..085f82035f 100644
--- a/MdeModulePkg/Universal/Variable/RuntimeDxe/TcgMorLockSmm.c
+++ b/MdeModulePkg/Universal/Variable/RuntimeDxe/TcgMorLockSmm.c
@@ -5,6 +5,7 @@
   This module adds Variable Hook and check MemoryOverwriteRequestControlLock.

 

 Copyright (c) 2016 - 2018, Intel Corporation. All rights reserved.<BR>

+Copyright (c) Microsoft Corporation.

 SPDX-License-Identifier: BSD-2-Clause-Patent

 

 **/

@@ -17,6 +18,10 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
 #include <Library/BaseMemoryLib.h>

 #include "Variable.h"

 

+#include <Protocol/VariablePolicy.h>

+

+#include <Library/VariablePolicyLib.h>

+

 typedef struct {

   CHAR16                                 *VariableName;

   EFI_GUID                               *VendorGuid;

@@ -341,6 +346,11 @@ SetVariableCheckHandlerMor (
     return EFI_SUCCESS;

   }

 

+  // Permit deletion when policy is disabled.

+  if (!IsVariablePolicyEnabled() && ((Attributes == 0) || (DataSize == 0))) {

+    return EFI_SUCCESS;

+  }

+

   //

   // MorLock variable

   //

diff --git a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableStandaloneMm.inf b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableStandaloneMm.inf
index 6e17f6cdf5..d8f480be27 100644
--- a/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableStandaloneMm.inf
+++ b/MdeModulePkg/Universal/Variable/RuntimeDxe/VariableStandaloneMm.inf
@@ -20,6 +20,7 @@
 #

 # Copyright (c) 2010 - 2019, Intel Corporation. All rights reserved.<BR>

 # Copyright (c) 2018, Linaro, Ltd. All rights reserved.<BR>

+# Copyright (c) Microsoft Corporation.

 # SPDX-License-Identifier: BSD-2-Clause-Patent

 #

 ##

@@ -74,6 +75,7 @@
   StandaloneMmDriverEntryPoint

   SynchronizationLib

   VarCheckLib

+  VariablePolicyLib

 

 [Protocols]

   gEfiSmmFirmwareVolumeBlockProtocolGuid        ## CONSUMES