@hattifattener @dangoodin @matrosov
So I think the ultimate issue might be that arbitrary code execution within DXE likely means that an attacker can call or otherwise implement the logic of PCR extension themselves with arbitrary digests to fool the TPM into thinking that everything is fine.
If this extends to being able to i.e. load a filesystem driver, unpack and relocate a malicious EFI PE, and jump to its entry point manually, seems like you could bypass any PCR checks as well.
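Added example, not part of the original post: a minimal Python model of the PCR extend hash chain, showing why a verifier's PCR comparison depends on the honesty of the code that computes the digests. The component byte strings, the `boot` model and all function names are constructed for illustration; a SHA-256 bank with an all-zero starting value is assumed.

```python
import hashlib

def extend(pcr: bytes, digest: bytes) -> bytes:
    """PCR extend for a SHA-256 bank: new = SHA256(old || digest)."""
    return hashlib.sha256(pcr + digest).digest()

def replay(digests) -> bytes:
    """Recompute a PCR from reported digests, starting from all zeros."""
    pcr = bytes(32)
    for d in digests:
        pcr = extend(pcr, d)
    return pcr

def measure(image: bytes) -> bytes:
    """Digest of a component, as honest measuring code would compute it."""
    return hashlib.sha256(image).digest()

# Constructed stand-ins for boot components (not real firmware images).
GOLDEN = [b"constructed DXE driver", b"constructed boot loader"]
MODIFIED = [b"constructed DXE driver", b"constructed modified loader"]
EXPECTED_PCR = replay(measure(i) for i in GOLDEN)

def boot(executed, measuring_code_is_honest=True) -> bytes:
    """Model of one boot; returns the PCR value the TPM ends up holding.

    The TPM only ever receives digests. The images in 'executed' never
    reach it directly, so the result depends on what is reported.
    """
    if measuring_code_is_honest:
        reported = [measure(i) for i in executed]
    else:
        # Measuring code is no longer trustworthy: it reports the
        # known-good digests regardless of what actually ran.
        reported = [measure(i) for i in GOLDEN]
    return replay(reported)

def verifier_accepts(pcr: bytes) -> bool:
    """Verifier policy: compare the PCR against the expected golden value."""
    return pcr == EXPECTED_PCR
```

A matching PCR is evidence about the boot chain only to the extent that the code computing and submitting the digests is itself trusted.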