#\r
\r
[PcdsFixedAtBuild, PcdsPatchableInModule]\r
- ## Image verification policy for OptionRom. Only following values are valid:<BR><BR>\r
- # NOTE: Do NOT use 0x5 and 0x2 since it violates the UEFI specification and has been removed.<BR>\r
- # 0x00000000 Always trust the image.<BR>\r
- # 0x00000001 Never trust the image.<BR>\r
- # 0x00000002 Allow execution when there is security violation.<BR>\r
- # 0x00000003 Defer execution when there is security violation.<BR>\r
- # 0x00000004 Deny execution when there is security violation.<BR>\r
- # 0x00000005 Query user when there is security violation.<BR>\r
- # @Prompt Set policy for the image from OptionRom.\r
- # @ValidRange 0x80000001 | 0x00000000 - 0x00000005\r
- gEfiSecurityPkgTokenSpaceGuid.PcdOptionRomImageVerificationPolicy|0x04|UINT32|0x00000001\r
-\r
## Image verification policy for removable media which includes CD-ROM, Floppy, USB and network.\r
# Only following values are valid:<BR><BR>\r
# NOTE: Do NOT use 0x5 and 0x2 since it violates the UEFI specification and has been removed.<BR>\r
gEfiSecurityPkgTokenSpaceGuid.PcdStatusCodeSubClassTpmDevice|0x010D0000|UINT32|0x00000007\r
\r
[PcdsFixedAtBuild, PcdsPatchableInModule, PcdsDynamic, PcdsDynamicEx]\r
+ ## Image verification policy for OptionRom. Only following values are valid:<BR><BR>\r
+ # NOTE: Do NOT use 0x5 and 0x2 since it violates the UEFI specification and has been removed.<BR>\r
+ # 0x00000000 Always trust the image.<BR>\r
+ # 0x00000001 Never trust the image.<BR>\r
+ # 0x00000002 Allow execution when there is security violation.<BR>\r
+ # 0x00000003 Defer execution when there is security violation.<BR>\r
+ # 0x00000004 Deny execution when there is security violation.<BR>\r
+ # 0x00000005 Query user when there is security violation.<BR>\r
+ # @Prompt Set policy for the image from OptionRom.\r
+ # @ValidRange 0x80000001 | 0x00000000 - 0x00000005\r
+ gEfiSecurityPkgTokenSpaceGuid.PcdOptionRomImageVerificationPolicy|0x04|UINT32|0x00000001\r
+\r
## Indicates the presence or absence of the platform operator during firmware booting.\r
# If platform operator is not physical presence during boot. TPM will be locked and the TPM commands \r
# that required operator physical presence can not run.<BR><BR>\r