I am studying the UEFI firmware code and noticed a random number generation that looks like this:

    Status = Tpm2NvRead (TPM_RH_P, Index, Auth, KEY_SIZE, 0, Data);
    [...]
    for (I = 32; I < KEY_SIZE; I++) {
      RandomN[I - 32] = Data->buffer[I];
    }

Here, reading from the TPM occurs at a fixed index, and the obtained value is considered the random number. I assume this is not secure code, as an attacker could control the randomness if they have the ability to write arbitrary values to the TPM at the specified index. What mechanisms does EDK2 provide for generating true random numbers?