diff --git a/0020-anolis-OvmfPkg-BaseMemEncryptLib-Save-memory-encrypt.patch b/0020-anolis-OvmfPkg-BaseMemEncryptLib-Save-memory-encrypt.patch
new file mode 100644
index 0000000000000000000000000000000000000000..91b09e4fa36f582d274cfcdb4d5dde80687fb2ee
--- /dev/null
+++ b/0020-anolis-OvmfPkg-BaseMemEncryptLib-Save-memory-encrypt.patch
@@ -0,0 +1,177 @@
+From 670cde2494761894aa6308f515511685be402433 Mon Sep 17 00:00:00 2001
+From: Xin Jiang
+Date: Wed, 10 Jan 2024 17:34:57 +0800
+Subject: [PATCH] anolis: OvmfPkg/BaseMemEncryptLib: Save memory encrypt status
+ in reserved memory
+
+The MMIO routine of VC handler will get memory encrypt status to
+validate MMIO address. MemEncryptSevGetEncryptionMask() will enable
+interrupt while interrupt must be disabled during VC.
+
+During DXE stage, VC routine as below:
+CcExitHandleVc->MemEncryptSevGetAddressRangeState->
+MemEncryptSevGetEncryptionMask->PcdGet64(PcdPteMemoryEncryptionAddressOrMask)
+
+Unfortunately, PcdGet64() will enable interrupt in VC context.
+
+Signed-off-by: Xin Jiang
+Change-Id: I617af038d3fa1e92e33092950f694511959127c8
+---
+ OvmfPkg/AmdSev/AmdSevX64.fdf | 5 ++++-
+ OvmfPkg/IntelTdx/IntelTdxX64.fdf | 5 ++++-
+ .../Library/BaseMemEncryptSevLib/DxeMemEncryptSevLib.inf | 4 ++++
+ .../BaseMemEncryptSevLib/DxeMemEncryptSevLibInternal.c | 9 ++-------
+ OvmfPkg/OvmfPkg.dec | 4 ++++
+ OvmfPkg/OvmfPkgX64.fdf | 5 ++++-
+ OvmfPkg/PlatformPei/AmdSev.c | 2 ++
+ OvmfPkg/PlatformPei/Csv.c | 6 ++++++
+ OvmfPkg/PlatformPei/PlatformPei.inf | 2 ++
+ 9 files changed, 32 insertions(+), 10 deletions(-)
+
+diff --git a/OvmfPkg/AmdSev/AmdSevX64.fdf b/OvmfPkg/AmdSev/AmdSevX64.fdf
+index dd8e511cb9..4e45bf0212 100644
+--- a/OvmfPkg/AmdSev/AmdSevX64.fdf
++++ b/OvmfPkg/AmdSev/AmdSevX64.fdf
+@@ -80,7 +80,10 @@ gUefiOvmfPkgTokenSpaceGuid.PcdCsvDefaultSecureCallBase|gUefiOvmfPkgTokenSpaceGui
+ 0x012000|0x001000
+ gUefiOvmfPkgTokenSpaceGuid.PcdOvmfCsvCpuidBase|gUefiOvmfPkgTokenSpaceGuid.PcdOvmfCsvCpuidSize
+ 
+-0x013000|0x00D000
++0x013000|0x001000
++gUefiOvmfPkgTokenSpaceGuid.PcdMemEncrpytStatusBase|gUefiOvmfPkgTokenSpaceGuid.PcdMemEncrpytStatusSize
++
++0x014000|0x00C000
+ gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecPeiTempRamBase|gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecPeiTempRamSize
+ 
+ 0x020000|0x0E0000
+diff --git a/OvmfPkg/IntelTdx/IntelTdxX64.fdf b/OvmfPkg/IntelTdx/IntelTdxX64.fdf
+index 8900524cd5..5e777a3e69 100644
+--- a/OvmfPkg/IntelTdx/IntelTdxX64.fdf
++++ b/OvmfPkg/IntelTdx/IntelTdxX64.fdf
+@@ -100,7 +100,10 @@ gUefiOvmfPkgTokenSpaceGuid.PcdCsvDefaultSecureCallBase|gUefiOvmfPkgTokenSpaceGui
+ 0x011000|0x001000
+ gUefiOvmfPkgTokenSpaceGuid.PcdOvmfCsvCpuidBase|gUefiOvmfPkgTokenSpaceGuid.PcdOvmfCsvCpuidSize
+ 
+-0x012000|0x00E000
++0x012000|0x001000
++gUefiOvmfPkgTokenSpaceGuid.PcdMemEncrpytStatusBase|gUefiOvmfPkgTokenSpaceGuid.PcdMemEncrpytStatusSize
++
++0x013000|0x00D000
+ gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecPeiTempRamBase|gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecPeiTempRamSize
+ 
+ 0x100000|0x700000
+diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/DxeMemEncryptSevLib.inf b/OvmfPkg/Library/BaseMemEncryptSevLib/DxeMemEncryptSevLib.inf
+index 4d32fae618..6f2f69d048 100644
+--- a/OvmfPkg/Library/BaseMemEncryptSevLib/DxeMemEncryptSevLib.inf
++++ b/OvmfPkg/Library/BaseMemEncryptSevLib/DxeMemEncryptSevLib.inf
+@@ -61,3 +61,7 @@
+ [Pcd]
+ gEfiMdeModulePkgTokenSpaceGuid.PcdPteMemoryEncryptionAddressOrMask
+ gEfiMdePkgTokenSpaceGuid.PcdConfidentialComputingGuestAttr
++
++[FixedPcd]
++ gUefiOvmfPkgTokenSpaceGuid.PcdMemEncrpytStatusBase
++ gUefiOvmfPkgTokenSpaceGuid.PcdMemEncrpytStatusSize
+diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/DxeMemEncryptSevLibInternal.c b/OvmfPkg/Library/BaseMemEncryptSevLib/DxeMemEncryptSevLibInternal.c
+index d80ebe2fac..a9d43237ef 100644
+--- a/OvmfPkg/Library/BaseMemEncryptSevLib/DxeMemEncryptSevLibInternal.c
++++ b/OvmfPkg/Library/BaseMemEncryptSevLib/DxeMemEncryptSevLibInternal.c
+@@ -22,8 +22,6 @@
+ 
+ STATIC UINT64 mCurrentAttr = 0;
+ STATIC BOOLEAN mCurrentAttrRead = FALSE;
+-STATIC UINT64 mSevEncryptionMask = 0;
+-STATIC BOOLEAN mSevEncryptionMaskSaved = FALSE;
+ STATIC BOOLEAN mSevLiveMigrationStatus = FALSE;
+ STATIC BOOLEAN mSevLiveMigrationStatusChecked = FALSE;
+ 
+@@ -193,10 +191,7 @@ MemEncryptSevGetEncryptionMask (
+ VOID
+ )
+ {
+- if (!mSevEncryptionMaskSaved) {
+- mSevEncryptionMask = PcdGet64 (PcdPteMemoryEncryptionAddressOrMask);
+- mSevEncryptionMaskSaved = TRUE;
+- }
++ UINT64 *MemEncryptStatus = (UINT64 *)(UINT64)FixedPcdGet32 (PcdMemEncrpytStatusBase);
+ 
+- return mSevEncryptionMask;
++ return *MemEncryptStatus;
+ }
+diff --git a/OvmfPkg/OvmfPkg.dec b/OvmfPkg/OvmfPkg.dec
+index 453b4ea497..a62bb9bc84 100644
+--- a/OvmfPkg/OvmfPkg.dec
++++ b/OvmfPkg/OvmfPkg.dec
+@@ -436,6 +436,10 @@
+ gUefiOvmfPkgTokenSpaceGuid.PcdOvmfCsvCpuidBase|0|UINT32|0x72
+ gUefiOvmfPkgTokenSpaceGuid.PcdOvmfCsvCpuidSize|0|UINT32|0x73
+ 
++ ## the base address of memory encryption status.
++ gUefiOvmfPkgTokenSpaceGuid.PcdMemEncrpytStatusBase|0|UINT32|0x74
++ gUefiOvmfPkgTokenSpaceGuid.PcdMemEncrpytStatusSize|0|UINT32|0x75
++
+ [PcdsDynamic, PcdsDynamicEx]
+ gUefiOvmfPkgTokenSpaceGuid.PcdEmuVariableEvent|0|UINT64|2
+ gUefiOvmfPkgTokenSpaceGuid.PcdOvmfFlashVariablesEnable|FALSE|BOOLEAN|0x10
+diff --git a/OvmfPkg/OvmfPkgX64.fdf b/OvmfPkg/OvmfPkgX64.fdf
+index 98f4e5cae3..ac3981ac58 100644
+--- a/OvmfPkg/OvmfPkgX64.fdf
++++ b/OvmfPkg/OvmfPkgX64.fdf
+@@ -100,7 +100,10 @@ gUefiOvmfPkgTokenSpaceGuid.PcdCsvDefaultSecureCallBase|gUefiOvmfPkgTokenSpaceGui
+ 0x011000|0x001000
+ gUefiOvmfPkgTokenSpaceGuid.PcdOvmfCsvCpuidBase|gUefiOvmfPkgTokenSpaceGuid.PcdOvmfCsvCpuidSize
+ 
+-0x012000|0x00E000
++0x012000|0x001000
++gUefiOvmfPkgTokenSpaceGuid.PcdMemEncrpytStatusBase|gUefiOvmfPkgTokenSpaceGuid.PcdMemEncrpytStatusSize
++
++0x013000|0x00D000
+ gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecPeiTempRamBase|gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecPeiTempRamSize
+ 
+ 0x020000|0x0E0000
+diff --git a/OvmfPkg/PlatformPei/AmdSev.c b/OvmfPkg/PlatformPei/AmdSev.c
+index 553e841e55..7c4ef89990 100644
+--- a/OvmfPkg/PlatformPei/AmdSev.c
++++ b/OvmfPkg/PlatformPei/AmdSev.c
+@@ -379,6 +379,8 @@ AmdSevInitialize (
+ PcdStatus = PcdSet64S (PcdPteMemoryEncryptionAddressOrMask, EncryptionMask);
+ ASSERT_RETURN_ERROR (PcdStatus);
+ 
++ *(UINT64 *)(UINT64)FixedPcdGet32 (PcdMemEncrpytStatusBase) = EncryptionMask;
++
+ DEBUG ((DEBUG_INFO, "SEV is enabled (mask 0x%lx)\n", EncryptionMask));
+ 
+ //
+diff --git a/OvmfPkg/PlatformPei/Csv.c b/OvmfPkg/PlatformPei/Csv.c
+index a52112d55b..fe8c059b0d 100644
+--- a/OvmfPkg/PlatformPei/Csv.c
++++ b/OvmfPkg/PlatformPei/Csv.c
+@@ -33,6 +33,12 @@ CsvInitializeMemInfo (
+ UINT64 LowerMemorySize;
+ UINT64 UpperMemorySize;
+ 
++ BuildMemoryAllocationHob (
++ (EFI_PHYSICAL_ADDRESS)(UINTN) FixedPcdGet32 (PcdMemEncrpytStatusBase),
++ (UINT64)(UINTN) FixedPcdGet32 (PcdMemEncrpytStatusSize),
++ EfiReservedMemoryType
++ );
++
+ if (!CsvIsEnabled ()) {
+ return ;
+ }
+diff --git a/OvmfPkg/PlatformPei/PlatformPei.inf b/OvmfPkg/PlatformPei/PlatformPei.inf
+index 0cadd0a3af..a098644130 100644
+--- a/OvmfPkg/PlatformPei/PlatformPei.inf
++++ b/OvmfPkg/PlatformPei/PlatformPei.inf
+@@ -136,6 +136,8 @@
+ gUefiOvmfPkgTokenSpaceGuid.PcdCsvDefaultSecureCallSize
+ gUefiOvmfPkgTokenSpaceGuid.PcdOvmfCsvCpuidBase
+ gUefiOvmfPkgTokenSpaceGuid.PcdOvmfCsvCpuidSize
++ gUefiOvmfPkgTokenSpaceGuid.PcdMemEncrpytStatusBase
++ gUefiOvmfPkgTokenSpaceGuid.PcdMemEncrpytStatusSize
+ 
+ [FeaturePcd]
+ gUefiOvmfPkgTokenSpaceGuid.PcdCsmEnable
+-- 
+2.17.1
+
diff --git a/edk2.spec b/edk2.spec
index dc5e89074667afb6e50c1d7d8907aa8f3d6fb3aa..ef5167486aac8a8a1b08ca4b3bb725519ddb86fc 100644
--- a/edk2.spec
+++ b/edk2.spec
@@ -1,4 +1,4 @@
-%define anolis_release 5
+%define anolis_release 6
 %undefine _auto_set_build_flags
 ExclusiveArch: x86_64 aarch64 loongarch64
@@ -80,6 +80,7 @@ Patch0017: 0016-OvmfPkg-PlatformPei-Mark-SEC-GHCB-page-as-unencrypte.patch
 Patch0018: 0017-OvmfPkg-AmdSevDxe-Add-support-for-SEV-live-migration.patch
 Patch0019: 0018-anolis-OvmfPkg-BaseMemcryptSevLib-Correct-the-calcul.patch
 Patch0020: 0019-anolis-OvmfPkg-BaseMemEncryptLib-Return-SUCCESS-if-n.patch
+Patch0021: 0020-anolis-OvmfPkg-BaseMemEncryptLib-Save-memory-encrypt.patch
 BuildRequires: python3-devel
 BuildRequires: libuuid-devel
@@ -474,6 +475,10 @@ install -m 0644 \
 %changelog
+* Thu Jan 11 2024 Xin Jiang - 202302-6
+- 0020-anolis-OvmfPkg-BaseMemEncryptLib-Save-memory-encrypt.patch
+- Fix the isue that interrupt is enabled in MMIO VC handler
+
 * Thu Nov 30 2023 Xin Jiang - 202302-5
 - 0012-OvmfPkg-BaseMemEncryptLib-Detect-SEV-live-migration-.patch
 - 0013-OvmfPkg-BaseMemEncryptLib-Hypercall-API-for-page-enc.patch
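Review bot: The page that `MemEncryptSevGetEncryptionMask` now dereferences is written only on the SEV-enabled path in `AmdSevInitialize`, while `CsvInitializeMemInfo` reserves it unconditionally and nothing in the patch zeroes it, so on any boot where that store is not reached a DXE caller (including the #VC MMIO path the description names) reads whatever the page happens to contain instead of the former PCD default of 0; store a known value before the HOB is built, e.g. `*(UINT64 *)(UINTN)FixedPcdGet32 (PcdMemEncrpytStatusBase) = 0;` just ahead of `BuildMemoryAllocationHob`, and let the SEV path overwrite it. Because the mask now lives in a plain RAM page rather than a PCD, a comment at the new .dec entry should state that the page must be guest-private (and, under SNP, pre-validated), since a hypervisor able to write it would control the value the #VC handler uses to decide what is MMIO — I cannot confirm either property from the hunk. The `(UINT64 *)(UINT64)` casts in AmdSev.c and DxeMemEncryptSevLibInternal.c should use `(UINTN)` as the Csv.c hunk already does, and the token name is misspelled (`PcdMemEncrpytStatus*`), which is cheapest to fix before it lands in OvmfPkg.dec with fixed token numbers 0x74/0x75. Shrinking `PcdOvmfSecPeiTempRamSize` by one page in three FDF files also deserves a sentence in the description confirming SEC/PEI temporary RAM still fits. `MemEncryptSevGetEncryptionMask` and `AmdSevInitialize` both extend outside their hunks.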