#\r
gEfiMdeModulePkgTokenSpaceGuid.PcdSetNxForStack|TRUE\r
\r
+!if $(SECURE_BOOT_ENABLE) == TRUE\r
+ # override the default values from SecurityPkg to ensure images from all sources are verified in secure boot\r
+ gEfiSecurityPkgTokenSpaceGuid.PcdOptionRomImageVerificationPolicy|0x04\r
+ gEfiSecurityPkgTokenSpaceGuid.PcdFixedMediaImageVerificationPolicy|0x04\r
+ gEfiSecurityPkgTokenSpaceGuid.PcdRemovableMediaImageVerificationPolicy|0x04\r
+!endif\r
+\r
[PcdsFixedAtBuild.AARCH64]\r
# Clearing BIT0 in this PCD prevents installing a 32-bit SMBIOS entry point,\r
# if the entry point version is >= 3.0. AARCH64 OSes cannot assume the\r