From 81968eb8f77d4c28a57086ff6b718ee2e5c7b32c Mon Sep 17 00:00:00 2001
From: Mike Ebersol <mebersol@microsoft.com>
Date: Tue, 29 Oct 2024 11:48:37 -0700
Subject: [PATCH] Support older OpenVMM logic for SECURE_BOOT

---
 vm/devices/firmware/firmware_uefi/src/service/nvram/mod.rs | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/vm/devices/firmware/firmware_uefi/src/service/nvram/mod.rs b/vm/devices/firmware/firmware_uefi/src/service/nvram/mod.rs
index a71e3264d..5cd4e0b15 100644
--- a/vm/devices/firmware/firmware_uefi/src/service/nvram/mod.rs
+++ b/vm/devices/firmware/firmware_uefi/src/service/nvram/mod.rs
@@ -359,7 +359,11 @@ impl NvramServices {
                 .set_variable_ucs2(vendor, name, delete_attr.into(), data.to_vec())
                 .await;
 
-            let attr = EfiVariableAttributes::DEFAULT_ATTRIBUTES_VOLATILE;
+            // TODO: For compatibility with older OpenHCL images that cannot handle a volatile
+            // variable, we still need to create with NV for now.  Once the above variable
+            // deletion code is deployed everywhere, replace with:
+            // let attr = EfiVariableAttributes::DEFAULT_ATTRIBUTES_VOLATILE;
+            let attr = EfiVariableAttributes::DEFAULT_ATTRIBUTES;
             self.services
                 .set_variable_ucs2(vendor, name, attr.into(), data.to_vec())
                 .await