diff --git a/DasharoModulePkg/Include/DasharoOptions.h b/DasharoModulePkg/Include/DasharoOptions.h
index 3ad5e34056..26ad167c6e 100644
--- a/DasharoModulePkg/Include/DasharoOptions.h
+++ b/DasharoModulePkg/Include/DasharoOptions.h
@@ -44,7 +44,8 @@ SPDX-License-Identifier: BSD-2-Clause-Patent
 #define DASHARO_VAR_CORE_ACTIVE_COUNT             L"CoreActiveCount"
 #define DASHARO_VAR_HYPER_THREADING               L"HyperThreading"
 #define DASHARO_VAR_USB_PORT_POWER                L"UsbPortPower"
-#define DASHARO_VAR_DGPU_STATE                  L"DGPUState"
+#define DASHARO_VAR_DGPU_STATE                    L"DGPUState"
+#define DASHARO_VAR_DESCRIPTOR_WRITEABLE          L"DescriptorWriteable"
 
 // Other
 #define DASHARO_VAR_SMBIOS_UUID  L"Type1UUID"
diff --git a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.c b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.c
index c8bc03f828..1f7e17a7d3 100644
--- a/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.c
+++ b/DasharoModulePkg/Library/DasharoSystemFeaturesUiLib/DasharoSystemFeatures.c
@@ -139,7 +139,8 @@ DasharoSystemFeaturesUiLibConstructor (
 )
 {
   EFI_STATUS  Status;
-  UINTN       BufferSize;
+  UINTN       BufferSize, VarSize;
+  UINT8       DescriptorWriteable;
 
   if (!FixedPcdGetBool (PcdShowMenu))
     return EFI_SUCCESS;
@@ -206,6 +207,19 @@ DasharoSystemFeaturesUiLibConstructor (
   PRIVATE_DATA(ShowMemorySpdProfile) = FixedPcdGetBool(PcdShowMemorySpdProfileOption);
   PRIVATE_DATA(ShowMemoryIbecc) = FixedPcdGetBool(PcdShowMemoryIbeccOption);
 
+  // HAP is only available if descriptor is not locked
+  VarSize = sizeof (DescriptorWriteable);
+  Status = gRT->GetVariable (
+      DASHARO_VAR_DESCRIPTOR_WRITEABLE,
+      &gDasharoSystemFeaturesGuid,
+      NULL,
+      &VarSize,
+      &DescriptorWriteable
+      );
+
+  if (!EFI_ERROR(Status))
+      PRIVATE_DATA(MeHapAvailable) &= DescriptorWriteable;
+
   // Ensure at least one option is visible in given menu (if enabled), otherwise hide it
   if (PRIVATE_DATA(ShowSecurityMenu))
     PRIVATE_DATA(ShowSecurityMenu) = FixedPcdGetBool (PcdDasharoEnterprise) ||
diff --git a/DasharoModulePkg/Library/DasharoVariablesLib/DasharoVariablesLib.c b/DasharoModulePkg/Library/DasharoVariablesLib/DasharoVariablesLib.c
index 94b527f71a..3485b1d07d 100644
--- a/DasharoModulePkg/Library/DasharoVariablesLib/DasharoVariablesLib.c
+++ b/DasharoModulePkg/Library/DasharoVariablesLib/DasharoVariablesLib.c
@@ -559,7 +559,7 @@ DasharoCapsulesCanPersistAcrossReset (
   )
 {
   EFI_STATUS  Status;
-  UINT8       MeMode;
+  UINT8       MeMode, DescriptorWriteable;
   UINTN       VarSize;
 
   //
@@ -576,6 +576,23 @@ DasharoCapsulesCanPersistAcrossReset (
     return FALSE;
   }
 
+  //
+  // If the descriptor is locked, we'll only be updating the BIOS region, so ME
+  // state is irrelevant.
+  //
+  VarSize = sizeof (DescriptorWriteable);
+  Status = gRT->GetVariable (
+      DASHARO_VAR_DESCRIPTOR_WRITEABLE,
+      &gDasharoSystemFeaturesGuid,
+      NULL,
+      &VarSize,
+      &DescriptorWriteable
+      );
+
+  if (!EFI_ERROR (Status) && !DescriptorWriteable) {
+    return TRUE;
+  }
+
   MeMode = DASHARO_ME_MODE_ENABLE;
   VarSize = sizeof (MeMode);