# DEFER_EXECUTE_ON_SECURITY_VIOLATION 0x00000003\r
# DENY_EXECUTE_ON_SECURITY_VIOLATION 0x00000004\r
# QUERY_USER_ON_SECURITY_VIOLATION 0x00000005 \r
- gEfiSecurityPkgTokenSpaceGuid.PcdOptionRomImageVerificationPolicy|0x00|UINT32|0x00000001\r
+ # NOTE: Do NOT use QUERY_USER_ON_SECURITY_VIOLATION since it violates the UEFI specification and has been removed.\r
+ gEfiSecurityPkgTokenSpaceGuid.PcdOptionRomImageVerificationPolicy|0x04|UINT32|0x00000001\r
\r
## Pcd for removable media.\r
# Removable media include CD-ROM, Floppy, USB and network.\r
# DEFER_EXECUTE_ON_SECURITY_VIOLATION 0x00000003\r
# DENY_EXECUTE_ON_SECURITY_VIOLATION 0x00000004\r
# QUERY_USER_ON_SECURITY_VIOLATION 0x00000005\r
- gEfiSecurityPkgTokenSpaceGuid.PcdRemovableMediaImageVerificationPolicy|0x05|UINT32|0x00000002\r
+ # NOTE: Do NOT use QUERY_USER_ON_SECURITY_VIOLATION since it violates the UEFI specification and has been removed.\r
+ gEfiSecurityPkgTokenSpaceGuid.PcdRemovableMediaImageVerificationPolicy|0x04|UINT32|0x00000002\r
\r
## Pcd for fixed media.\r
# Fixed media include hard disk.\r
# DEFER_EXECUTE_ON_SECURITY_VIOLATION 0x00000003\r
# DENY_EXECUTE_ON_SECURITY_VIOLATION 0x00000004\r
# QUERY_USER_ON_SECURITY_VIOLATION 0x00000005 \r
- gEfiSecurityPkgTokenSpaceGuid.PcdFixedMediaImageVerificationPolicy|0x05|UINT32|0x00000003\r
+ # NOTE: Do NOT use QUERY_USER_ON_SECURITY_VIOLATION since it violates the UEFI specification and has been removed.\r
+ gEfiSecurityPkgTokenSpaceGuid.PcdFixedMediaImageVerificationPolicy|0x04|UINT32|0x00000003\r
\r
## Defer Image Load policy settings.\r
# The policy is bitwise. \r