diff --git a/SecurityPkg/VariableAuthenticated/RuntimeDxe/Variable.c b/SecurityPkg/VariableAuthenticated/RuntimeDxe/Variable.c
index 5ff48cff2f..c99cd2310e 100644
--- a/SecurityPkg/VariableAuthenticated/RuntimeDxe/Variable.c
+++ b/SecurityPkg/VariableAuthenticated/RuntimeDxe/Variable.c
@@ -2501,7 +2501,12 @@ IsReadOnlyVariable (
     if ((StrCmp (VariableName, EFI_SETUP_MODE_NAME) == 0) ||
         (StrCmp (VariableName, EFI_SIGNATURE_SUPPORT_NAME) == 0) ||
         (StrCmp (VariableName, EFI_SECURE_BOOT_MODE_NAME) == 0) ||
-        (StrCmp (VariableName, EFI_VENDOR_KEYS_VARIABLE_NAME) == 0)) {
+        (StrCmp (VariableName, EFI_VENDOR_KEYS_VARIABLE_NAME) == 0) ||
+        (StrCmp (VariableName, EFI_KEK_DEFAULT_VARIABLE_NAME) == 0) ||
+        (StrCmp (VariableName, EFI_PK_DEFAULT_VARIABLE_NAME) == 0) ||
+        (StrCmp (VariableName, EFI_DB_DEFAULT_VARIABLE_NAME) == 0) ||
+        (StrCmp (VariableName, EFI_DBX_DEFAULT_VARIABLE_NAME) == 0) ||
+        (StrCmp (VariableName, EFI_DBT_DEFAULT_VARIABLE_NAME) == 0)) {
       return TRUE;
     }
   }