+[PcdsFixedAtBuild, PcdsPatchableInModule, PcdsDynamic, PcdsDynamicEx]\r
+ ## This PCD indicates whether to set TPM physicalPresenceLifetimeLock bit.\r
+ # Once this bit is set, it can not be cleared (It is locked for TPM life time).\r
+ gEfiSecurityPkgTokenSpaceGuid.PcdPhysicalPresenceLifetimeLock|FALSE|BOOLEAN|0x00010003\r
+ \r
+[PcdsFixedAtBuild, PcdsPatchableInModule, PcdsDynamic, PcdsDynamicEx]\r
+ ## This PCD is used to specify the default value for physicalPresenceCMDEnable bit when setting physicalPresenceLifetimeLock bit.\r
+ # If PcdPhysicalPresenceCmdEnable is set to TRUE, physicalPresenceCMDEnable bit will be set, else this bit will be cleared.\r
+ gEfiSecurityPkgTokenSpaceGuid.PcdPhysicalPresenceCmdEnable|TRUE|BOOLEAN|0x00010004\r
+ \r
+[PcdsFixedAtBuild, PcdsPatchableInModule, PcdsDynamic, PcdsDynamicEx]\r
+ ## This PCD is used to specify the default value for physicalPresenceHWEnable bit when setting physicalPresenceLifetimeLock bit.\r
+ # If PcdPhysicalPresenceHwEnable is set to TRUE, physicalPresenceHWEnable bit will be set, else this bit will be cleared.\r
+ gEfiSecurityPkgTokenSpaceGuid.PcdPhysicalPresenceHwEnable|TRUE|BOOLEAN|0x00010005\r
+\r
+[PcdsFixedAtBuild, PcdsPatchableInModule, PcdsDynamic, PcdsDynamicEx]\r
+ ## This PCD indicates if debugger exists.\r
+ gEfiSecurityPkgTokenSpaceGuid.PcdFirmwareDebuggerInitialized|FALSE|BOOLEAN|0x00010009\r
+\r
+ ## This PCD indicates the TPM2 initialization policy.\r
+ # 0: No initialization needed - most likely used for chipset SRTM solution, in which TPM is already initialized.\r
+ # 1: Initialization needed.\r
+ gEfiSecurityPkgTokenSpaceGuid.PcdTpm2InitializationPolicy|1|UINT8|0x0001000A\r
+\r
+ ## This PCD indicates the TPM initialization policy.\r
+ # 0: No initialization needed - most likely used for chipset SRTM solution, in which TPM is already initialized.\r
+ # 1: Initialization needed.\r
+ gEfiSecurityPkgTokenSpaceGuid.PcdTpmInitializationPolicy|1|UINT8|0x0001000B\r
+\r
+ ## This PCD indicates the TPM2 SelfTest policy.\r
+ # 0: No SelfTest needed - most likely used for fTPM, because it might already be tested.\r
+ # 1: SelfTest needed.\r
+ gEfiSecurityPkgTokenSpaceGuid.PcdTpm2SelfTestPolicy|1|UINT8|0x0001000C\r
+\r
+ ## This PCD indicates the TPM2 SCRTM policy.\r
+ # 0: No SCRTM needed - In this case, it is already done.\r
+ # 1: SCRTM done by BIOS.\r
+ gEfiSecurityPkgTokenSpaceGuid.PcdTpm2ScrtmPolicy|1|UINT8|0x0001000D\r
+\r
+ ## This PCD indicates the TPM SCRTM policy.\r
+ # 0: No SCRTM needed - In this case, it is already done.\r
+ # 1: SCRTM done by BIOS.\r
+ gEfiSecurityPkgTokenSpaceGuid.PcdTpmScrtmPolicy|1|UINT8|0x0001000E\r
+\r
+ ## Guid name to identify TPM instance\r
+ # TPM_DEVICE_INTERFACE_NONE means disable\r
+ # TPM_DEVICE_INTERFACE_TPM12 means TPM1.2 DTPM\r
+ # TPM_DEVICE_INTERFACE_DTPM2 means TPM2 DTPM\r
+ gEfiSecurityPkgTokenSpaceGuid.PcdTpmInstanceGuid |{ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }|VOID*|0x0001000F\r
+\r
+ ## This PCD indicates the TPM2 Hash mask.\r
+ # BIT0: SHA1\r
+ # BIT1: SHA256\r
+ # BIT2: SHA384\r
+ # BIT3: SHA512\r
+ # If this bit is set, that means this algorithm is needed to extend to PCR.\r
+ # If this bit is clear, that means this algorithm is NOT needed to extend to PCR.\r
+ # 0xFFFFFFFF means extend all.\r
+ gEfiSecurityPkgTokenSpaceGuid.PcdTpm2HashMask|0xFFFFFFFF|UINT32|0x00010010\r
+\r
+ ## This PCD indicates if BIOS auto detect TPM1.2 or dTPM2.0.\r
+ # 0: No auto detection.\r
+ # 1: Auto detection.\r
+ gEfiSecurityPkgTokenSpaceGuid.PcdTpmAutoDetection|TRUE|BOOLEAN|0x00010011\r
+\r
+ ## This PCD indicates TPM base address.\r
+ gEfiSecurityPkgTokenSpaceGuid.PcdTpmBaseAddress|0xFED40000|UINT64|0x00010012\r
+\r
+ ## Provides one or more SHA 256 Hashes of the RSA 2048 public keys used to verify Recovery and Capsule Update images\r
+ #\r
+ # @Prompt One or more SHA 256 Hashes of RSA 2048 bit public keys used to verify Recovery and Capsule Update images\r
+ #\r
+ gEfiSecurityPkgTokenSpaceGuid.PcdRsa2048Sha256PublicKeyBuffer|{0x91, 0x29, 0xc4, 0xbd, 0xea, 0x6d, 0xda, 0xb3, 0xaa, 0x6f, 0x50, 0x16, 0xfc, 0xdb, 0x4b, 0x7e, 0x3c, 0xd6, 0xdc, 0xa4, 0x7a, 0x0e, 0xdd, 0xe6, 0x15, 0x8c, 0x73, 0x96, 0xa2, 0xd4, 0xa6, 0x4d}|VOID*|0x00010013\r
+
\ No newline at end of file