+[PcdsFixedAtBuild, PcdsPatchableInModule, PcdsDynamic, PcdsDynamicEx]\r
+ ## This PCD indicates whether to set TPM physicalPresenceLifetimeLock bit.\r
+ ## Once this bit is set, it can not be cleared (It is locked for TPM life time).\r
+ gEfiSecurityPkgTokenSpaceGuid.PcdPhysicalPresenceLifetimeLock|FALSE|BOOLEAN|0x00010003\r
+ \r
+[PcdsFixedAtBuild, PcdsPatchableInModule, PcdsDynamic, PcdsDynamicEx]\r
+ ## This PCD is used to specify the default value for physicalPresenceCMDEnable bit when setting physicalPresenceLifetimeLock bit.\r
+ ## If PcdPhysicalPresenceCmdEnable is set to TRUE, physicalPresenceCMDEnable bit will be set, else this bit will be cleared.\r
+ gEfiSecurityPkgTokenSpaceGuid.PcdPhysicalPresenceCmdEnable|TRUE|BOOLEAN|0x00010004\r
+ \r
+[PcdsFixedAtBuild, PcdsPatchableInModule, PcdsDynamic, PcdsDynamicEx]\r
+ ## This PCD is used to specify the default value for physicalPresenceHWEnable bit when setting physicalPresenceLifetimeLock bit.\r
+ ## If PcdPhysicalPresenceHwEnable is set to TRUE, physicalPresenceHWEnable bit will be set, else this bit will be cleared.\r
+ gEfiSecurityPkgTokenSpaceGuid.PcdPhysicalPresenceHwEnable|TRUE|BOOLEAN|0x00010005\r
+\r
+[PcdsFixedAtBuild, PcdsPatchableInModule, PcdsDynamic, PcdsDynamicEx]\r
+ ## This PCD indicates if debugger exists.\r
+ gEfiSecurityPkgTokenSpaceGuid.PcdFirmwareDebuggerInitialized|FALSE|BOOLEAN|0x00010009\r
+\r
+ ## This PCD indicates the TPM2 initializatin policy.\r
+ ## 0: No initialization needed - most likely used for chipset SRTM sloution, in which TPM is already initialized.\r
+ ## 1: Initialization needed.\r
+ gEfiSecurityPkgTokenSpaceGuid.PcdTpm2InitializationPolicy|1|UINT8|0x0001000A\r
+\r
+ ## This PCD indicates the TPM initializatin policy.\r
+ ## 0: No initialization needed - most likely used for chipset SRTM sloution, in which TPM is already initialized.\r
+ ## 1: Initialization needed.\r
+ gEfiSecurityPkgTokenSpaceGuid.PcdTpmInitializationPolicy|1|UINT8|0x0001000B\r
+\r
+ ## This PCD indicates the TPM2 SelfTest policy.\r
+ ## 0: No SelfTest needed - most likely used for fTPM, because it might already be tested.\r
+ ## 1: SelfTest needed.\r
+ gEfiSecurityPkgTokenSpaceGuid.PcdTpm2SelfTestPolicy|1|UINT8|0x0001000C\r
+\r
+ ## This PCD indicates the TPM2 SCRTM policy.\r
+ ## 0: No SCRTM needed - In this case, it is already done.\r
+ ## 1: SCRTM done by BIOS.\r
+ gEfiSecurityPkgTokenSpaceGuid.PcdTpm2ScrtmPolicy|1|UINT8|0x0001000D\r
+\r
+ ## This PCD indicates the TPM SCRTM policy.\r
+ ## 0: No SCRTM needed - In this case, it is already done.\r
+ ## 1: SCRTM done by BIOS.\r
+ gEfiSecurityPkgTokenSpaceGuid.PcdTpmScrtmPolicy|1|UINT8|0x0001000E\r
+\r
+ ## Guid name to identify TPM instance\r
+ ## TPM_DEVICE_INTERFACE_NONE means disable\r
+ ## TPM_DEVICE_INTERFACE_TPM12 means TPM1.2 DTPM\r
+ ## TPM_DEVICE_INTERFACE_DTPM2 means TPM2 DTPM\r
+ gEfiSecurityPkgTokenSpaceGuid.PcdTpmInstanceGuid |{ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }|VOID*|0x0001000F\r
+\r
+ ## This PCD indicates the TPM2 Hash mask.\r
+ ## BIT0: SHA1\r
+ ## BIT1: SHA256\r
+ ## BIT2: SHA384\r
+ ## BIT3: SHA512\r
+ ## If this bit is set, that means this algorithm is needed to extend to PCR.\r
+ ## If this bit is clear, that means this algorithm is NOT needed to extend to PCR.\r
+ ## 0xFFFFFFFF means extend all.\r
+ gEfiSecurityPkgTokenSpaceGuid.PcdTpm2HashMask|0xFFFFFFFF|UINT32|0x00010010\r
+\r
+ ## This PCD indicates if BIOS auto detect TPM1.2 or dTPM2.0.\r
+ ## 0: No auto detection.\r
+ ## 1: Auto detection.\r
+ gEfiSecurityPkgTokenSpaceGuid.PcdTpmAutoDetection|TRUE|BOOLEAN|0x00010011\r
+\r
+ ## This PCD indicates TPM base address.\r
+ gEfiSecurityPkgTokenSpaceGuid.PcdTpmBaseAddress|0xFED40000|UINT64|0x00010012\r