In order to help prevent vulnerabilities in secure boot implementations, the default policy for Option ROMs was changed to a more secure value.
This issue is addressed by EDK2 SVN https://sourceforge.net/p/edk2/code/14607
Reported by the Advanced Threat Research team at Intel Security.