AuthVariableLib|MdeModulePkg/Library/AuthVariableLibNull/AuthVariableLibNull.inf\r
!endif\r
VarCheckLib|MdeModulePkg/Library/VarCheckLib/VarCheckLib.inf\r
+ UefiBootManagerLib|MdeModulePkg/Library/UefiBootManagerLib/UefiBootManagerLib.inf\r
\r
[LibraryClasses.common.SEC]\r
PcdLib|MdePkg/Library/BasePcdLibNull/BasePcdLibNull.inf\r
gEmbeddedTokenSpaceGuid.PcdMemoryTypeEfiLoaderCode|20\r
gEmbeddedTokenSpaceGuid.PcdMemoryTypeEfiLoaderData|0\r
\r
- #\r
- # ARM Pcds\r
- #\r
- gArmTokenSpaceGuid.PcdArmUncachedMemoryMask|0x0000000000000000\r
-\r
!if $(SECURE_BOOT_ENABLE) == TRUE\r
# override the default values from SecurityPkg to ensure images from all sources are verified in secure boot\r
gEfiSecurityPkgTokenSpaceGuid.PcdOptionRomImageVerificationPolicy|0x04\r
#\r
gEfiMdeModulePkgTokenSpaceGuid.PcdImageProtectionPolicy|0x3\r
\r
+ #\r
+ # Enable NX memory protection for all non-code regions, including OEM and OS\r
+ # reserved ones, with the exception of LoaderData regions, of which OS loaders\r
+ # (i.e., GRUB) may assume that its contents are executable.\r
+ #\r
+ gEfiMdeModulePkgTokenSpaceGuid.PcdDxeNxMemoryProtectionPolicy|0xC000000000007FD1\r
+\r
[Components.common]\r
#\r
# Networking stack\r