Securitypkg/hddpassword: Update HddPasswordDxeInit to use Variable Policy

REF: https://bugzilla.tianocore.org/show_bug.cgi?id=4408

Cc: Jiewen Yao   <jiewen.yao@intel.com>
Cc: Maggie Chu   <maggie.chu@intel.com>
Cc: Kumar Rahul  <rahul.r.kumar@intel.com>
Signed-off-by: Linus Liu <linus.liu@intel.com>
Reviewed-by: Jiewen Yao   <jiewen.yao@intel.com>

SecurityPkg/HddPassword/HddPasswordDxe.c

@@ -9,6 +9,7 @@
 **/
 
 #include "HddPasswordDxe.h"
+#include <Library/VariablePolicyHelperLib.h>
 
 EFI_GUID    mHddPasswordVendorGuid          = HDD_PASSWORD_CONFIG_GUID;
 CHAR16      mHddPasswordVendorStorageName[] = L"HDD_PASSWORD_CONFIG";
@@ -2818,11 +2819,11 @@ HddPasswordDxeInit (
   IN EFI_SYSTEM_TABLE  *SystemTable
   )
 {
-  EFI_STATUS                     Status;
-  HDD_PASSWORD_DXE_PRIVATE_DATA  *Private;
-  VOID                           *Registration;
-  EFI_EVENT                      EndOfDxeEvent;
-  EDKII_VARIABLE_LOCK_PROTOCOL   *VariableLock;
+  EFI_STATUS                      Status;
+  HDD_PASSWORD_DXE_PRIVATE_DATA   *Private;
+  VOID                            *Registration;
+  EFI_EVENT                       EndOfDxeEvent;
+  EDKII_VARIABLE_POLICY_PROTOCOL  *VariablePolicy;
 
   Private = NULL;
 
@@ -2858,13 +2859,18 @@ HddPasswordDxeInit (
   //
   // Make HDD_PASSWORD_VARIABLE_NAME variable read-only.
   //
-  Status = gBS->LocateProtocol (&gEdkiiVariableLockProtocolGuid, NULL, (VOID **)&VariableLock);
+  Status = gBS->LocateProtocol (&gEdkiiVariablePolicyProtocolGuid, NULL, (VOID **)&VariablePolicy);
   if (!EFI_ERROR (Status)) {
-    Status = VariableLock->RequestToLock (
-                             VariableLock,
-                             HDD_PASSWORD_VARIABLE_NAME,
-                             &mHddPasswordVendorGuid
-                             );
+    Status = RegisterBasicVariablePolicy (
+               VariablePolicy,
+               &mHddPasswordVendorGuid,
+               HDD_PASSWORD_VARIABLE_NAME,
+               VARIABLE_POLICY_NO_MIN_SIZE,
+               VARIABLE_POLICY_NO_MAX_SIZE,
+               VARIABLE_POLICY_NO_MUST_ATTR,
+               VARIABLE_POLICY_NO_CANT_ATTR,
+               VARIABLE_POLICY_TYPE_LOCK_NOW
+               );
     DEBUG ((DEBUG_INFO, "%a(): Lock %s variable (%r)\n", __func__, HDD_PASSWORD_VARIABLE_NAME, Status));
     ASSERT_EFI_ERROR (Status);
   }

SecurityPkg/HddPassword/HddPasswordDxe.h

@@ -17,7 +17,6 @@
 #include <Protocol/AtaPassThru.h>
 #include <Protocol/PciIo.h>
 #include <Protocol/HiiConfigAccess.h>
-#include <Protocol/VariableLock.h>
 
 #include <Guid/MdeModuleHii.h>
 #include <Guid/EventGroup.h>

SecurityPkg/HddPassword/HddPasswordDxe.inf

@@ -50,6 +50,7 @@
   PrintLib
   UefiLib
   LockBoxLib
+  VariablePolicyHelperLib
   S3BootScriptLib
   PciLib
   BaseCryptLib
@@ -63,7 +64,7 @@
   gEfiHiiConfigAccessProtocolGuid               ## PRODUCES
   gEfiAtaPassThruProtocolGuid                   ## CONSUMES
   gEfiPciIoProtocolGuid                         ## CONSUMES
-  gEdkiiVariableLockProtocolGuid                ## CONSUMES
+  gEdkiiVariablePolicyProtocolGuid              ## CONSUMES
 
 [Pcd]
   gEfiSecurityPkgTokenSpaceGuid.PcdSkipHddPasswordPrompt  ## CONSUMES

SecurityPkg/SecurityPkg.dsc

@@ -74,6 +74,7 @@
   PlatformPKProtectionLib|SecurityPkg/Library/PlatformPKProtectionLibVarPolicy/PlatformPKProtectionLibVarPolicy.inf
   SecureBootVariableProvisionLib|SecurityPkg/Library/SecureBootVariableProvisionLib/SecureBootVariableProvisionLib.inf
   TdxLib|MdePkg/Library/TdxLib/TdxLib.inf
+  VariablePolicyHelperLib|MdeModulePkg/Library/VariablePolicyHelperLib/VariablePolicyHelperLib.inf
 
 [LibraryClasses.ARM, LibraryClasses.AARCH64]
   #