OvmfPkg: set image protection to be default

gaojiaqi7 · mxu9 · commit 91a2ce53f75d · 2021-12-09T10:45:43.000+08:00
The default value of PcdImageProtectionPolicy is 2, which will enable the
protection policy on image from firmware volume. Then the code section
will be set to read-only, and the data section will be set to
non-executable.

Signed-off-by: Jiaqi Gao &lt;jiaqi.gao@intel.com&gt;
diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc
@@ -631,7 +631,7 @@
 
   # Noexec settings for DXE.
   # TDX doesn't allow us to change EFER so make sure these are disabled
-  gEfiMdeModulePkgTokenSpaceGuid.PcdImageProtectionPolicy|0x00000000
+  #gEfiMdeModulePkgTokenSpaceGuid.PcdImageProtectionPolicy|0x00000000
   gEfiMdeModulePkgTokenSpaceGuid.PcdDxeNxMemoryProtectionPolicy|0x00000000
   # Noexec settings for DXE.
   # TDX doesn't allow us to change EFER so make sure these are disabled
