]> git.proxmox.com Git - mirror_edk2.git/blobdiff - SecurityPkg/SecurityPkg.dec
projects / mirror_edk2.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
1. Change default PCD in SecurityPkg to 4 (DENY_EXECUTE) in DEC file.
[mirror_edk2.git] / SecurityPkg / SecurityPkg.dec
diff --git a/SecurityPkg/SecurityPkg.dec b/SecurityPkg/SecurityPkg.dec
index 4c3129a8aef43d6057b86d4d71871a29eca11190..610682717e1901e2fdfe7d6ec72cec8846ec17eb 100644 (file)
--- a/SecurityPkg/SecurityPkg.dec
+++ b/SecurityPkg/SecurityPkg.dec
@@ -87,7 +87,8 @@
   #  DEFER_EXECUTE_ON_SECURITY_VIOLATION    0x00000003\r
   #  DENY_EXECUTE_ON_SECURITY_VIOLATION     0x00000004\r
   #  QUERY_USER_ON_SECURITY_VIOLATION       0x00000005 \r
-  gEfiSecurityPkgTokenSpaceGuid.PcdOptionRomImageVerificationPolicy|0x00|UINT32|0x00000001\r
+  #  NOTE: Do NOT use QUERY_USER_ON_SECURITY_VIOLATION since it violates the UEFI specification and has been removed.\r
+  gEfiSecurityPkgTokenSpaceGuid.PcdOptionRomImageVerificationPolicy|0x04|UINT32|0x00000001\r
   \r
   ## Pcd for removable media.\r
   #  Removable media include CD-ROM, Floppy, USB and network.\r
@@ -98,7 +99,8 @@
   #  DEFER_EXECUTE_ON_SECURITY_VIOLATION    0x00000003\r
   #  DENY_EXECUTE_ON_SECURITY_VIOLATION     0x00000004\r
   #  QUERY_USER_ON_SECURITY_VIOLATION       0x00000005\r
-  gEfiSecurityPkgTokenSpaceGuid.PcdRemovableMediaImageVerificationPolicy|0x05|UINT32|0x00000002\r
+  #  NOTE: Do NOT use QUERY_USER_ON_SECURITY_VIOLATION since it violates the UEFI specification and has been removed.\r
+  gEfiSecurityPkgTokenSpaceGuid.PcdRemovableMediaImageVerificationPolicy|0x04|UINT32|0x00000002\r
   \r
   ## Pcd for fixed media.\r
   #  Fixed media include hard disk.\r
@@ -109,7 +111,8 @@
   #  DEFER_EXECUTE_ON_SECURITY_VIOLATION    0x00000003\r
   #  DENY_EXECUTE_ON_SECURITY_VIOLATION     0x00000004\r
   #  QUERY_USER_ON_SECURITY_VIOLATION       0x00000005  \r
-  gEfiSecurityPkgTokenSpaceGuid.PcdFixedMediaImageVerificationPolicy|0x05|UINT32|0x00000003\r
+  #  NOTE: Do NOT use QUERY_USER_ON_SECURITY_VIOLATION since it violates the UEFI specification and has been removed.\r
+  gEfiSecurityPkgTokenSpaceGuid.PcdFixedMediaImageVerificationPolicy|0x04|UINT32|0x00000003\r
   \r
   ## Defer Image Load policy settings.\r
   #  The policy is bitwise. \r
EFI Development Kit II mirror for PVE