diff --git a/0047-anolis-OvmfPkg-BaseMemEncryptLib-Save-memory-encrypt.patch b/0047-anolis-OvmfPkg-BaseMemEncryptLib-Save-memory-encrypt.patch
new file mode 100644
index 0000000000000000000000000000000000000000..00380bc454ab236651996aab722cfe81aed8bee9
--- /dev/null
+++ b/0047-anolis-OvmfPkg-BaseMemEncryptLib-Save-memory-encrypt.patch
@@ -0,0 +1,144 @@
+From 644748015685d9a13e43d7e689f1e7379adcc959 Mon Sep 17 00:00:00 2001
+From: Xin Jiang <jiangxin@hygon.cn>
+Date: Fri, 12 Jan 2024 10:39:28 +0800
+Subject: [PATCH] anolis: OvmfPkg/BaseMemEncryptLib: Save memory encrypt status
+ in reserved memory
+
+The MMIO routine of VC handler will get memory encrypt status to
+validate MMIO address. MemEncryptSevGetEncryptionMask() will enable
+interrupt while interrupt must be disabled during VC.
+
+During DXE stage, VC routine as below:
+CcExitHandleVc->MemEncryptSevGetAddressRangeState->
+MemEncryptSevGetEncryptionMask->PcdGet64(PcdPteMemoryEncryptionAddressOrMask)
+
+Unfortunately, PcdGet64() will enable interrupt in VC context.
+
+Change-Id: I89aedeac4a90ec79f9acb35daf638b7fb507f24c
+Signed-off-by: Xin Jiang <jiangxin@hygon.cn>
+---
+ .../BaseMemEncryptSevLib/DxeMemEncryptSevLib.inf       |  4 ++++
+ .../BaseMemEncryptSevLib/DxeMemEncryptSevLibInternal.c | 10 ++--------
+ OvmfPkg/OvmfPkg.dec                                    |  4 ++++
+ OvmfPkg/OvmfPkgX64.fdf                                 |  5 ++++-
+ OvmfPkg/PlatformPei/AmdSev.c                           |  2 ++
+ OvmfPkg/PlatformPei/Csv.c                              |  6 ++++++
+ OvmfPkg/PlatformPei/PlatformPei.inf                    |  2 ++
+ 7 files changed, 24 insertions(+), 9 deletions(-)
+
+diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/DxeMemEncryptSevLib.inf b/OvmfPkg/Library/BaseMemEncryptSevLib/DxeMemEncryptSevLib.inf
+index 8ea8d3a..55e75ef 100644
+--- a/OvmfPkg/Library/BaseMemEncryptSevLib/DxeMemEncryptSevLib.inf
++++ b/OvmfPkg/Library/BaseMemEncryptSevLib/DxeMemEncryptSevLib.inf
+@@ -57,3 +57,7 @@
+ 
+ [Pcd]
+   gEfiMdeModulePkgTokenSpaceGuid.PcdPteMemoryEncryptionAddressOrMask
++
++[FixedPcd]
++  gUefiOvmfPkgTokenSpaceGuid.PcdMemEncrpytStatusBase
++  gUefiOvmfPkgTokenSpaceGuid.PcdMemEncrpytStatusSize
+diff --git a/OvmfPkg/Library/BaseMemEncryptSevLib/DxeMemEncryptSevLibInternal.c b/OvmfPkg/Library/BaseMemEncryptSevLib/DxeMemEncryptSevLibInternal.c
+index df73a83..44d9ad1 100644
+--- a/OvmfPkg/Library/BaseMemEncryptSevLib/DxeMemEncryptSevLibInternal.c
++++ b/OvmfPkg/Library/BaseMemEncryptSevLib/DxeMemEncryptSevLibInternal.c
+@@ -25,9 +25,6 @@ STATIC BOOLEAN mSevStatusChecked = FALSE;
+ STATIC BOOLEAN mSevLiveMigrationStatus = FALSE;
+ STATIC BOOLEAN mSevLiveMigrationStatusChecked = FALSE;
+ 
+-STATIC UINT64  mSevEncryptionMask = 0;
+-STATIC BOOLEAN mSevEncryptionMaskSaved = FALSE;
+-
+ /**
+   Reads and sets the status of SEV features.
+ 
+@@ -177,10 +174,7 @@ MemEncryptSevGetEncryptionMask (
+   VOID
+   )
+ {
+-  if (!mSevEncryptionMaskSaved) {
+-    mSevEncryptionMask = PcdGet64 (PcdPteMemoryEncryptionAddressOrMask);
+-    mSevEncryptionMaskSaved = TRUE;
+-  }
++  UINT64 *MemEncryptStatus = (UINT64 *)(UINT64)FixedPcdGet32 (PcdMemEncrpytStatusBase);
+ 
+-  return mSevEncryptionMask;
++  return *MemEncryptStatus;
+ }
+diff --git a/OvmfPkg/OvmfPkg.dec b/OvmfPkg/OvmfPkg.dec
+index b6f88e0..2c09ad4 100644
+--- a/OvmfPkg/OvmfPkg.dec
++++ b/OvmfPkg/OvmfPkg.dec
+@@ -364,6 +364,10 @@
+   gUefiOvmfPkgTokenSpaceGuid.PcdOvmfCsvCpuidBase|0|UINT32|0x60
+   gUefiOvmfPkgTokenSpaceGuid.PcdOvmfCsvCpuidSize|0|UINT32|0x61
+ 
++  ## the base address of memory encryption status.^M
++  gUefiOvmfPkgTokenSpaceGuid.PcdMemEncrpytStatusBase|0|UINT32|0x62
++  gUefiOvmfPkgTokenSpaceGuid.PcdMemEncrpytStatusSize|0|UINT32|0x63
++
+ [PcdsDynamic, PcdsDynamicEx]
+   gUefiOvmfPkgTokenSpaceGuid.PcdEmuVariableEvent|0|UINT64|2
+   gUefiOvmfPkgTokenSpaceGuid.PcdOvmfFlashVariablesEnable|FALSE|BOOLEAN|0x10
+diff --git a/OvmfPkg/OvmfPkgX64.fdf b/OvmfPkg/OvmfPkgX64.fdf
+index 04efa62..0cc12b8 100644
+--- a/OvmfPkg/OvmfPkgX64.fdf
++++ b/OvmfPkg/OvmfPkgX64.fdf
+@@ -94,7 +94,10 @@ gUefiOvmfPkgTokenSpaceGuid.PcdCsvDefaultSecureCallBase|gUefiOvmfPkgTokenSpaceGui
+ 0x00F000|0x001000
+ gUefiOvmfPkgTokenSpaceGuid.PcdOvmfCsvCpuidBase|gUefiOvmfPkgTokenSpaceGuid.PcdOvmfCsvCpuidSize
+ 
+-0x010000|0x010000
++0x010000|0x001000
++gUefiOvmfPkgTokenSpaceGuid.PcdMemEncrpytStatusBase|gUefiOvmfPkgTokenSpaceGuid.PcdMemEncrpytStatusSize
++
++0x011000|0x00F000
+ gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecPeiTempRamBase|gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecPeiTempRamSize
+ 
+ 0x020000|0x0E0000
+diff --git a/OvmfPkg/PlatformPei/AmdSev.c b/OvmfPkg/PlatformPei/AmdSev.c
+index 1d38056..33fc83a 100644
+--- a/OvmfPkg/PlatformPei/AmdSev.c
++++ b/OvmfPkg/PlatformPei/AmdSev.c
+@@ -167,6 +167,8 @@ AmdSevInitialize (
+   PcdStatus = PcdSet64S (PcdPteMemoryEncryptionAddressOrMask, EncryptionMask);
+   ASSERT_RETURN_ERROR (PcdStatus);
+ 
++  *(UINT64 *)(UINT64)FixedPcdGet32 (PcdMemEncrpytStatusBase) = EncryptionMask;
++
+   DEBUG ((DEBUG_INFO, "SEV is enabled (mask 0x%lx)\n", EncryptionMask));
+ 
+   //
+diff --git a/OvmfPkg/PlatformPei/Csv.c b/OvmfPkg/PlatformPei/Csv.c
+index f7c87ac..f8293ab 100644
+--- a/OvmfPkg/PlatformPei/Csv.c
++++ b/OvmfPkg/PlatformPei/Csv.c
+@@ -32,6 +32,12 @@ CsvInitializeMemInfo (
+   UINT64                      LowerMemorySize;
+   UINT64                      UpperMemorySize;
+ 
++  BuildMemoryAllocationHob (
++    (EFI_PHYSICAL_ADDRESS)(UINTN) FixedPcdGet32 (PcdMemEncrpytStatusBase),
++    (UINT64)(UINTN) FixedPcdGet32 (PcdMemEncrpytStatusSize),
++    EfiReservedMemoryType
++    );
++
+   if (!CsvIsEnabled ()) {
+     return ;
+   }
+diff --git a/OvmfPkg/PlatformPei/PlatformPei.inf b/OvmfPkg/PlatformPei/PlatformPei.inf
+index bed4dcf..7bf667c 100644
+--- a/OvmfPkg/PlatformPei/PlatformPei.inf
++++ b/OvmfPkg/PlatformPei/PlatformPei.inf
+@@ -125,6 +125,8 @@
+   gUefiOvmfPkgTokenSpaceGuid.PcdCsvDefaultSecureCallSize
+   gUefiOvmfPkgTokenSpaceGuid.PcdOvmfCsvCpuidBase
+   gUefiOvmfPkgTokenSpaceGuid.PcdOvmfCsvCpuidSize
++  gUefiOvmfPkgTokenSpaceGuid.PcdMemEncrpytStatusBase
++  gUefiOvmfPkgTokenSpaceGuid.PcdMemEncrpytStatusSize
+ 
+ [FeaturePcd]
+   gUefiOvmfPkgTokenSpaceGuid.PcdCsmEnable
+-- 
+2.17.1
+
diff --git a/edk2.spec b/edk2.spec
index b6aa5905776536908b90625639dad028a81486e9..65d7309f714e9eac5073bf25f55de2e34c1571b5 100644
--- a/edk2.spec
+++ b/edk2.spec
@@ -1,4 +1,4 @@
-%define anolis_release .0.1
+%define anolis_release .0.2
 ExclusiveArch: x86_64 aarch64
 
 %define GITDATE        20220126
@@ -82,6 +82,8 @@ Patch1014: 0043-OvmfPkg-PlatformPei-Mark-SEC-GHCB-page-as-unencrypte.patch
 Patch1015: 0044-OvmfPkg-AmdSevDxe-Add-support-for-SEV-live-migration.patch
 Patch1016: 0045-anolis-OvmfPkg-BaseMemcryptSevLib-Correct-the-calcul.patch
 Patch1017: 0046-anolis-OvmfPkg-BaseMemEncryptLib-Return-SUCCESS-if-n.patch
+# Fix the isue that interrupt is enabled in MMIO VC handler
+Patch1018: 0047-anolis-OvmfPkg-BaseMemEncryptLib-Save-memory-encrypt.patch
 
 # python3-devel and libuuid-devel are required for building tools.
 # python3-devel is also needed for varstore template generation and
@@ -525,6 +527,10 @@ true
 %endif
 
 %changelog
+* Thu Jan 11 2024 Xin Jiang <jiangxin@hygon.cn> - 20220126gitbb1bba3d77-6.0.2
+- 0047-anolis-OvmfPkg-BaseMemEncryptLib-Save-memory-encrypt.patch
+- Fix the isue that interrupt is enabled in MMIO VC handler
+
 * Thu Dec 14 2023 Jiang Xin <jiangxin@hygon.cn> - 20220126gitbb1bba3d77-6.0.1
 - Support hygon CSV3 feature
 - Support SEV live migration