From 4bf67f28993390a8fbdbd1522ffb838c3ab8c236 Mon Sep 17 00:00:00 2001 From: Sean Brogan Date: Fri, 31 Mar 2023 11:20:37 -0700 Subject: [PATCH] Make DFCI Lock Var Runtime accessible (#64) ## Description Due to how Variable Locking works the lock variable should be runtime accessible. - [x] Impacts functionality? - [x] Impacts security? ## How This Was Tested Code inspection ## Integration Instructions NA --- DfciPkg/Include/Guid/DfciInternalVariableGuid.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/DfciPkg/Include/Guid/DfciInternalVariableGuid.h b/DfciPkg/Include/Guid/DfciInternalVariableGuid.h index 1de68954..5b2338a0 100644 --- a/DfciPkg/Include/Guid/DfciInternalVariableGuid.h +++ b/DfciPkg/Include/Guid/DfciInternalVariableGuid.h @@ -25,7 +25,7 @@ extern EFI_GUID gDfciInternalVariableGuid; // Dfci Lock Variable. // #define DFCI_LOCK_VAR_NAME L"_DLCK" -#define DFCI_LOCK_VAR_ATTRIBUTES EFI_VARIABLE_BOOTSERVICE_ACCESS +#define DFCI_LOCK_VAR_ATTRIBUTES (EFI_VARIABLE_BOOTSERVICE_ACCESS | EFI_VARIABLE_RUNTIME_ACCESS) #define DFCI_LOCK_VAR_SIZE sizeof (UINT8) extern EFI_GUID gDfciLockVariableGuid;