+ ## GUID used to select supported TPM instance from UI.\r
+ # Include/Guid/TpmInstance.h\r
+ gEfiTpmDeviceSelectedGuid = { 0x7f4158d3, 0x74d, 0x456d, { 0x8c, 0xb2, 0x1, 0xf9, 0xc8, 0xf7, 0x9d, 0xaa } }\r
+\r
+ ## GUID used for FormSet and config variable.\r
+ # Include/Guid/TrEEConfigHii.h\r
+ gTrEEConfigFormSetGuid = {0xc54b425f, 0xaa79, 0x48b4, { 0x98, 0x1f, 0x99, 0x8b, 0x3c, 0x4b, 0x64, 0x1c }}\r
+\r
+[Ppis]\r
+ ## The PPI GUID for that TPM physical presence should be locked.\r
+ # Include/Ppi/LockPhysicalPresence.h\r
+ gPeiLockPhysicalPresencePpiGuid = { 0xef9aefe5, 0x2bd3, 0x4031, { 0xaf, 0x7d, 0x5e, 0xfe, 0x5a, 0xbb, 0x9a, 0xd } }\r
+\r
+ ## The PPI GUID for that TPM is initialized.\r
+ # Include/Ppi/TpmInitialized.h\r
+ gPeiTpmInitializedPpiGuid = { 0xe9db0d58, 0xd48d, 0x47f6, { 0x9c, 0x6e, 0x6f, 0x40, 0xe8, 0x6c, 0x7b, 0x41 }}\r
+\r
+ ## Include/Ppi/FirmwareVolumeInfoMeasurementExcluded.h\r
+ gEfiPeiFirmwareVolumeInfoMeasurementExcludedPpiGuid = { 0x6e056ff9, 0xc695, 0x4364, { 0x9e, 0x2c, 0x61, 0x26, 0xf5, 0xce, 0xea, 0xae } }\r
+\r
+#\r
+# [Error.gEfiSecurityPkgTokenSpaceGuid]\r
+# 0x80000001 | Invalid value provided.\r
+# 0x80000002 | Reserved bits must be set to zero.\r
+#\r
+\r
+[PcdsFixedAtBuild, PcdsPatchableInModule]\r
+ ## Image verification policy for OptionRom. Only following values are valid:<BR><BR>\r
+ # NOTE: Do NOT use 0x5 and 0x2 since it violates the UEFI specification and has been removed.<BR>\r
+ # 0x00000000 Always trust the image.<BR>\r
+ # 0x00000001 Never trust the image.<BR>\r
+ # 0x00000002 Allow execution when there is security violation.<BR>\r
+ # 0x00000003 Defer execution when there is security violation.<BR>\r
+ # 0x00000004 Deny execution when there is security violation.<BR>\r
+ # 0x00000005 Query user when there is security violation.<BR>\r
+ # @Prompt Set policy for the image from OptionRom.\r
+ # @ValidRange 0x80000001 | 0x00000000 - 0x00000005\r
+ gEfiSecurityPkgTokenSpaceGuid.PcdOptionRomImageVerificationPolicy|0x04|UINT32|0x00000001\r
+\r
+ ## Image verification policy for removable media which includes CD-ROM, Floppy, USB and network.\r
+ # Only following values are valid:<BR><BR>\r
+ # NOTE: Do NOT use 0x5 and 0x2 since it violates the UEFI specification and has been removed.<BR>\r
+ # 0x00000000 Always trust the image.<BR>\r
+ # 0x00000001 Never trust the image.<BR>\r
+ # 0x00000002 Allow execution when there is security violation.<BR>\r
+ # 0x00000003 Defer execution when there is security violation.<BR>\r
+ # 0x00000004 Deny execution when there is security violation.<BR>\r
+ # 0x00000005 Query user when there is security violation.<BR>\r
+ # @Prompt Set policy for the image from removable media.\r
+ # @ValidRange 0x80000001 | 0x00000000 - 0x00000005\r
+ gEfiSecurityPkgTokenSpaceGuid.PcdRemovableMediaImageVerificationPolicy|0x04|UINT32|0x00000002\r
+\r
+ ## Image verification policy for fixed media which includes hard disk.\r
+ # Only following values are valid:<BR><BR>\r
+ # NOTE: Do NOT use 0x5 and 0x2 since it violates the UEFI specification and has been removed.<BR>\r
+ # 0x00000000 Always trust the image.<BR>\r
+ # 0x00000001 Never trust the image.<BR>\r
+ # 0x00000002 Allow execution when there is security violation.<BR>\r
+ # 0x00000003 Defer execution when there is security violation.<BR>\r
+ # 0x00000004 Deny execution when there is security violation.<BR>\r
+ # 0x00000005 Query user when there is security violation.<BR>\r
+ # @Prompt Set policy for the image from fixed media.\r
+ # @ValidRange 0x80000001 | 0x00000000 - 0x00000005 \r
+ gEfiSecurityPkgTokenSpaceGuid.PcdFixedMediaImageVerificationPolicy|0x04|UINT32|0x00000003\r
+\r
+ ## Defer Image Load policy settings. The policy is bitwise. \r
+ # If a bit is set, the image from corresponding device will be trusted when loading. Or \r
+ # the image will be deferred. The deferred image will be checked after user is identified.<BR><BR>\r
+ # BIT0 - Image from unknown device. <BR>\r
+ # BIT1 - Image from firmware volume.<BR>\r
+ # BIT2 - Image from OptionRom.<BR>\r
+ # BIT3 - Image from removable media which includes CD-ROM, Floppy, USB and network.<BR>\r
+ # BIT4 - Image from fixed media device which includes hard disk.<BR>\r
+ # @Prompt Set policy whether trust image before user identification.\r
+ # @ValidRange 0x80000002 | 0x00000000 - 0x0000001F \r
+ gEfiSecurityPkgTokenSpaceGuid.PcdDeferImageLoadPolicy|0x0000001F|UINT32|0x0000004\r
+\r
+ ## Null-terminated Unicode string of the file name that is the default name to save USB credential.\r