+ #\r
+ # Enable strict image permissions for all images. (This applies\r
+ # only to images that were built with >= 4 KB section alignment.)\r
+ #\r
+ gEfiMdeModulePkgTokenSpaceGuid.PcdImageProtectionPolicy|0x3\r
+\r
+ #\r
+ # Enable NX memory protection for all non-code regions, including OEM and OS\r
+ # reserved ones, with the exception of LoaderData regions, of which OS loaders\r
+ # (i.e., GRUB) may assume that its contents are executable.\r
+ #\r
+ gEfiMdeModulePkgTokenSpaceGuid.PcdDxeNxMemoryProtectionPolicy|0xC000000000007FD1\r
+\r
+ #\r
+ # Enable the non-executable DXE stack. (This gets set up by DxeIpl)\r
+ #\r
+ gEfiMdeModulePkgTokenSpaceGuid.PcdSetNxForStack|TRUE\r
+\r
+[PcdsFixedAtBuild.ARM]\r
+ gEmbeddedTokenSpaceGuid.PcdPrePiCpuMemorySize|40\r
+\r