# @Prompt Shadow Peim and PeiCore on boot\r
gEfiMdeModulePkgTokenSpaceGuid.PcdShadowPeimOnBoot|TRUE|BOOLEAN|0x30001029\r
\r
+ ## Enable the feature that evacuate temporary memory to permanent memory or not<BR><BR>\r
+ # Set FALSE as default, if the developer need this feature to avoid this vulnerability, please\r
+ # enable it to shadow all PEIMs no matter the behavior controled by PcdShadowPeimOnBoot or\r
+ # PcdShadowPeimOnS3Boot<BR>\r
+ # TRUE - Evacuate temporary memory, the actions include copy memory, convert PPI pointers and so on.<BR>\r
+ # FALSE - Do nothing, for example, no copy memory, no convert PPI pointers and so on.<BR>\r
+ # @Prompt Evacuate temporary memory to permanent memory\r
+ gEfiMdeModulePkgTokenSpaceGuid.PcdMigrateTemporaryRamFirmwareVolumes|FALSE|BOOLEAN|0x3000102A\r
+\r
## The mask is used to control memory profile behavior.<BR><BR>\r
# BIT0 - Enable UEFI memory profile.<BR>\r
# BIT1 - Enable SMRAM profile.<BR>\r
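Review bot: The added comment on PcdMigrateTemporaryRamFirmwareVolumes says "to avoid this vulnerability" without naming one; only the HELP string in the later string hunk mentions TOCTOU on pointers into NEM (or CAR), so a reader of the declaration alone cannot tell what risk the FALSE default leaves open. I would name it in the comment, e.g. `# Set FALSE as default. Set TRUE to avoid a TOCTOU vulnerability on PEIMs and pointers left in temporary RAM (NEM or CAR);` followed by `# when TRUE, all PEIMs are shadowed regardless of PcdShadowPeimOnBoot or PcdShadowPeimOnS3Boot.<BR>`. Because the default is FALSE the mitigation is opt-in, so the comment should also say that a platform wanting the protection has to set this PCD explicitly. Wording: "controled" should be "controlled" here, and in the HELP string of the later hunk "volnerability" and "can be avoid" should read "vulnerability" and "can be avoided".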
"TRUE - Shadow PEIM on S3 boot path after memory is ready.<BR>\n"\r
"FALSE - Not shadow PEIM on S3 boot path after memory is ready.<BR>"\r
\r
+#string STR_gEfiMdeModulePkgTokenSpaceGuid_PcdMigrateTemporaryRamFirmwareVolumes_HELP #language en-US "Enable the feature that evacuate temporary memory to permanent memory or not.<BR><BR>\n"\r
+ "It will allocate page to save the temporary PEIMs resided in NEM(or CAR) to the permanent memory and change all pointers pointed to the NEM(or CAR) to permanent memory.<BR><BR>\n"\r
+ "After then, there are no pointer pointed to NEM(or CAR) and TOCTOU volnerability can be avoid.<BR><BR>\n"\r
+\r
+#string STR_gEfiMdeModulePkgTokenSpaceGuid_PcdMigrateTemporaryRamFirmwareVolumes_PROMPT #language en-US "Enable the feature that evacuate temporary memory to permanent memory or not"\r
+\r
#string STR_gEfiMdeModulePkgTokenSpaceGuid_PcdAcpiDefaultOemId_PROMPT #language en-US "Default OEM ID for ACPI table creation"\r
\r
#string STR_gEfiMdeModulePkgTokenSpaceGuid_PcdAcpiDefaultOemId_HELP #language en-US "Default OEM ID for ACPI table creation, its length must be 0x6 bytes to follow ACPI specification."\r