microsoft/mu_feature_dfci

[Bug]: Dfci variables remain unlocked after commit ac4bd1b7451447dfd524dc25f11193c5ea84ecde

Closed this issue · 0 comments

Is there an existing issue for this?

  • I have searched existing issues

Current Behavior

On some platforms, internal DFCI variables such as _SPP remained unlocked after picking up the code from commit ac4bd1b. The cause was ordering: the VariablePolicy security lock occurred before DFCI attempted to lock its variables, so DFCI's lock requests came too late to take effect.

Expected Behavior

After booting, all DFCI internal variables must be locked.

Steps To Reproduce

Boot to the UEFI shell and attempt to delete _SPP (e.g. dmpstore -all _SPP -d). On an affected platform the deletion succeeds; with the variables correctly locked it is refused.
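The ordering failure in Current Behavior and the shell check in Steps To Reproduce, as a constructed C model added here (not mu_feature_dfci code): a hypothetical policy engine that refuses new lock policies once its security lock has fired, a DFCI-like component that registers a lock for _SPP, and a deletion check standing in for dmpstore -d. All function and type names are assumptions for illustration; the "fixed" ordering only models DFCI locking before the engine locks, not the project's actual fix.

```c
/* Constructed model of the lock-ordering bug: names are hypothetical. */
#include <stdbool.h>
#include <string.h>

#define MAX_POLICIES 8

typedef struct {
    bool locked;                         /* set when the security lock fires */
    const char *locked_vars[MAX_POLICIES];
    int count;
} PolicyEngine;

static PolicyEngine engine;

/* Model of VariablePolicy registration: refused once the engine is locked. */
static bool RegisterLockPolicy(const char *var) {
    if (engine.locked || engine.count >= MAX_POLICIES) return false;
    engine.locked_vars[engine.count++] = var;
    return true;
}

/* Model of the VariablePolicy security lock event. */
static void LockPolicyEngine(void) { engine.locked = true; }

/* Model of DFCI locking its internal variables (only _SPP is modelled). */
static bool DfciLockVariables(void) { return RegisterLockPolicy("_SPP"); }

/* Model of "dmpstore -all <var> -d": true if the delete would succeed. */
static bool DeleteVariable(const char *var) {
    for (int i = 0; i < engine.count; i++)
        if (strcmp(engine.locked_vars[i], var) == 0) return false; /* denied */
    return true; /* no lock policy registered: deletion goes through */
}

static void ResetEngine(void) { memset(&engine, 0, sizeof engine); }

/* Boot as observed on affected platforms: the engine locks first. */
bool BootBuggyOrder(void) {
    ResetEngine();
    LockPolicyEngine();
    DfciLockVariables();            /* too late: registration refused */
    return DeleteVariable("_SPP");  /* true: _SPP is still deletable */
}

/* Boot with DFCI locking before the engine's security lock. */
bool BootFixedOrder(void) {
    ResetEngine();
    DfciLockVariables();
    LockPolicyEngine();
    return DeleteVariable("_SPP");  /* false: deletion is refused */
}
```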

Build Environment

- OS(s): Windows 11
- Tool Chain(s): VS2022
- Targets Impacted: RELEASE, DEBUG

Version Information

After ac4bd1b7451447dfd524dc25f11193c5ea84ecde

Urgency

High

Are you going to fix this?

I will fix it

Do you need maintainer feedback?

No maintainer feedback needed

Anything else?

No response