#string STR_gEfiMdeModulePkgTokenSpaceGuid_PcdMaxAuthVariableSize_HELP #language en-US "The maximum size of a single authenticated variable."\r
"The value is 0 as default for compatibility that maximum authenticated variable size is specified by PcdMaxVariableSize."\r
\r
+#string STR_gEfiMdeModulePkgTokenSpaceGuid_PcdMaxVolatileVariableSize_PROMPT #language en-US "The maximum size of a single non-authenticated volatile variable."\r
+\r
+#string STR_gEfiMdeModulePkgTokenSpaceGuid_PcdMaxVolatileVariableSize_HELP #language en-US "The maximum size of a single non-authenticated volatile variable.<BR><BR>\n"\r
+ "The default value is 0 for compatibility: in that case, the maximum "\r
+ "non-authenticated volatile variable size remains specified by "\r
+ "PcdMaxVariableSize.<BR>\n"\r
+ "Only the MdeModulePkg/Universal/Variable/RuntimeDxe driver supports this PCD.<BR>"\r
+\r
#string STR_gEfiMdeModulePkgTokenSpaceGuid_PcdMaxHardwareErrorVariableSize_PROMPT #language en-US "Maximum HwErr variable size"\r
\r
#string STR_gEfiMdeModulePkgTokenSpaceGuid_PcdMaxHardwareErrorVariableSize_HELP #language en-US "The maximum size of single hardware error record variable.<BR><BR>\n"\r
"For the DxeIpl and the DxeCore are both X64, set NX for stack feature also require PcdDxeIplBuildPageTables be TRUE.<BR>"\r
"For the DxeIpl and the DxeCore are both IA32 (PcdDxeIplSwitchToLongMode is FALSE), set NX for stack feature also require"\r
"IA32 PAE is supported and Execute Disable Bit is available.<BR>"\r
- "TRUE - to set NX for stack.<BR>"\r
- "FALSE - Not to set NX for stack.<BR>"\r
+ "TRUE - Set NX for stack.<BR>"\r
+ "FALSE - Do nothing for stack.<BR>"\r
+ "Note: If this PCD is set to FALSE, NX could be still applied to stack due to PcdDxeNxMemoryProtectionPolicy enabled for EfiBootServicesData.<BR>"\r
\r
#string STR_gEfiMdeModulePkgTokenSpaceGuid_PcdAcpiS3Enable_PROMPT #language en-US "ACPI S3 Enable"\r
\r
"this PCD to be TURE if and only if all runtime driver has seperated Code/Data\n"\r
"section. If PE code/data sections are merged, the result is unpredictable.\n"\r
\r
-#string STR_gEfiMdeModulePkgTokenSpaceGuid_PcdIdentifyMappingPageTablePtr_PROMPT #language en-US "Identify Mapping Page Table pointer."\r
-\r
-#string STR_gEfiMdeModulePkgTokenSpaceGuid_PcdIdentifyMappingPageTablePtr_HELP #language en-US "This dynamic PCD hold an address to point to the memory of page table. The page table establishes a 1:1\n"\r
- "Virtual to Physical mapping according to the processor physical address bits."\r
#string STR_gEfiMdeModulePkgTokenSpaceGuid_PcdShadowPeimOnBoot_HELP #language en-US "Indicates if to shadow PEIM and PeiCore after memory is ready.<BR><BR>\n"\r
"This PCD is used on other boot path except for S3 boot.\n"\r
"TRUE - Shadow PEIM and PeiCore after memory is ready.<BR>\n"\r
\r
#string STR_gEfiMdeModulePkgTokenSpaceGuid_PcdCapsuleMax_HELP #language en-US "CapsuleMax value in capsule report variable."\r
\r
-#string STR_gEfiMdeModulePkgTokenSpaceGuid_PcdMaximumPeiResetNotifies_PROMPT #language en-US "Maximum Number of PEI Reset Filters or Reset Handlers."\r
+#string STR_gEfiMdeModulePkgTokenSpaceGuid_PcdMaximumPeiResetNotifies_PROMPT #language en-US "Maximum Number of PEI Reset Filters, Reset Notifications or Reset Handlers."\r
\r
-#string STR_gEfiMdeModulePkgTokenSpaceGuid_PcdMaximumPeiResetNotifies_HELP #language en-US "Indicates the allowable maximum number of Reset Filters or Reset Handlers in PEI phase."\r
+#string STR_gEfiMdeModulePkgTokenSpaceGuid_PcdMaximumPeiResetNotifies_HELP #language en-US "Indicates the allowable maximum number of Reset Filters, <BR>\n"\r
+ "Reset Notifications or Reset Handlers in PEI phase."\r
\r
#string STR_gEfiMdeModulePkgTokenSpaceGuid_PcdRecoveryFileName_PROMPT #language en-US "Recover file name in PEI phase"\r
\r
#string STR_gEfiMdeModulePkgTokenSpaceGuid_PcdImageProtectionPolicy_HELP #language en-US "Set image protection policy. The policy is bitwise.\n"\r
"If a bit is set, the image will be protected by DxeCore if it is aligned.\n"\r
"The code section becomes read-only, and the data section becomes non-executable.\n"\r
- "If a bit is clear, the image will not be protected.<BR><BR>\n"\r
+ "If a bit is clear, nothing will be done to image code/data sections.<BR><BR>\n"\r
"BIT0 - Image from unknown device. <BR>\n"\r
"BIT1 - Image from firmware volume.<BR>"\r
+ "Note: If a bit is cleared, the data section could be still non-executable if\n"\r
+ "PcdDxeNxMemoryProtectionPolicy is enabled for EfiLoaderData, EfiBootServicesData\n"\r
+ "and/or EfiRuntimeServicesData.<BR>"\r
\r
#string STR_gEfiMdeModulePkgTokenSpaceGuid_PcdDxeNxMemoryProtectionPolicy_PROMPT #language en-US "Set DXE memory protection policy."\r
\r
#string STR_gEfiMdeModulePkgTokenSpaceGuid_PcdDxeNxMemoryProtectionPolicy_HELP #language en-US "Set DXE memory protection policy. The policy is bitwise.\n"\r
"If a bit is set, memory regions of the associated type will be mapped\n"\r
- "non-executable.<BR><BR>\n"\r
+ "non-executable.<BR>\n"\r
+ "If a bit is cleared, nothing will be done to associated type of memory.<BR><BR>\n"\r
"\n"\r
"Below is bit mask for this PCD: (Order is same as UEFI spec)<BR>\n"\r
"EfiReservedMemoryType 0x0001<BR>\n"\r
" before and after corresponding type of pages allocated if there's enough\n"\r
" free pages for all of them. The page allocation for the type related to\n"\r
" cleared bits keeps the same as ususal.\n\n"\r
+ " This PCD is only valid if BIT0 and/or BIT2 are set in PcdHeapGuardPropertyMask.\n\n"\r
" Below is bit mask for this PCD: (Order is same as UEFI spec)<BR>\n"\r
" EfiReservedMemoryType 0x0000000000000001\n"\r
" EfiLoaderCode 0x0000000000000002\n"\r
" before and after corresponding type of pages which the allocated pool occupies,\n"\r
" if there's enough free memory for all of them. The pool allocation for the\n"\r
" type related to cleared bits keeps the same as ususal.\n\n"\r
+ " This PCD is only valid if BIT1 and/or BIT3 are set in PcdHeapGuardPropertyMask.\n\n"\r
" Below is bit mask for this PCD: (Order is same as UEFI spec)<BR>\n"\r
" EfiReservedMemoryType 0x0000000000000001\n"\r
" EfiLoaderCode 0x0000000000000002\n"\r
#string STR_gEfiMdeModulePkgTokenSpaceGuid_PcdHeapGuardPropertyMask_PROMPT #language en-US "The Heap Guard feature mask"\r
\r
#string STR_gEfiMdeModulePkgTokenSpaceGuid_PcdHeapGuardPropertyMask_HELP #language en-US "This mask is to control Heap Guard behavior.\n"\r
- "Note that due to the limit of pool memory implementation and the alignment\n"\r
- "requirement of UEFI spec, BIT7 is a try-best setting which cannot guarantee\n"\r
- "that the returned pool is exactly adjacent to head guard page or tail guard\n"\r
- "page.\n"\r
+ " Note:\n"\r
+ " a) Heap Guard is for debug purpose and should not be enabled in product"\r
+ " BIOS.\n"\r
+ " b) Due to the limit of pool memory implementation and the alignment"\r
+ " requirement of UEFI spec, BIT7 is a try-best setting which cannot"\r
+ " guarantee that the returned pool is exactly adjacent to head guard"\r
+ " page or tail guard page.\n"\r
+ " c) UEFI freed-memory guard and UEFI pool/page guard cannot be enabled"\r
+ " at the same time.\n"\r
" BIT0 - Enable UEFI page guard.<BR>\n"\r
" BIT1 - Enable UEFI pool guard.<BR>\n"\r
" BIT2 - Enable SMM page guard.<BR>\n"\r
" BIT3 - Enable SMM pool guard.<BR>\n"\r
+ " BIT4 - Enable UEFI freed-memory guard (Use-After-Free memory detection).<BR>\n"\r
" BIT7 - The direction of Guard Page for Pool Guard.\n"\r
" 0 - The returned pool is near the tail guard page.<BR>\n"\r
" 1 - The returned pool is near the head guard page.<BR>"\r