diff --git a/0049-OvmfPkg-AmdSev-Support-full-disk-encryption-based-on.patch b/0049-OvmfPkg-AmdSev-Support-full-disk-encryption-based-on.patch
new file mode 100644
index 0000000000000000000000000000000000000000..4814242ab0258d08526b4f0ab79efe12429e6cf7
--- /dev/null
+++ b/0049-OvmfPkg-AmdSev-Support-full-disk-encryption-based-on.patch
@@ -0,0 +1,124 @@
+From f0f2e858f56adc48026cae366fe5c9ad9bbafd72 Mon Sep 17 00:00:00 2001
+From: hanliyang
+Date: Fri, 2 Aug 2024 02:06:58 +0800
+Subject: [PATCH 1/2] OvmfPkg/AmdSev: Support full-disk encryption based on
+ Grub efisecret mod
+
+When we place grub FV package into OVMF.fd to support full-disk
+encryption, we need provide grub components as the build env.
+
+===
+Prerequisite:
+
+1. If the grub in your system has already support efisecret module, then
+you should run cmds as follows to support build OVMF.fd.
+ $ cd /usr
+ $ sudo tar --transform='s/^/grub\// -zcf grub.tar.gz lib/grub/
+ $ sudo mv grub.tar.gz /opt
+ $ cd /opt/
+ $ sudo tar -xzf grub.tar.gz
+
+2. If the grub in your system does not support efisecret module, then we
+can clone the grub repository and checkout to commit 578c95298 ("
+kern: Add lockdown support"), and backport the following patch series:
+ https://lists.gnu.org/archive/html/grub-devel/2020-12/msg00257.html
+ https://lists.gnu.org/archive/html/grub-devel/2020-12/msg00258.html
+ https://lists.gnu.org/archive/html/grub-devel/2020-12/msg00259.html
+ https://lists.gnu.org/archive/html/grub-devel/2020-12/msg00260.html
+After we have prepared for the grub codes, we should build it and
+install the grub components to /opt/grub. The steps is shown as below:
+ $ ./bootstrap
+ $ ./autogen.sh
+ $ ./configure --target=x86_64 --with-platform=efi -prefix=/grub
+ $ make -j$(getconf _NPROCESSORS_ONLN)
+ $ sudo make install DESTDIR=/opt/
+ $ cd /opt/
+ $ sudo tar -zcf grub.tar.gz grub
+
+Note: the grub.tar.gz metioned above will be used when enabling
+full-disk encryption in the guest.
+
+===
+Build OVMF.fd:
+
+When we build the OVMF.fd which support full-disk encryption, we should
+delete stale grub.efi in the source tree:
+ $ rm OvmfPkg/AmdSev/Grub/grub.efi
+And specify the dsc file:
+ $ OvmfPkg/build.sh ... -a X64 -p OvmfPkg/AmdSev/AmdSevX64.dsc ...
+
+Signed-off-by: hanliyang
+---
+ OvmfPkg/AmdSev/Grub/grub.cfg | 22 +++++++++++++++-------
+ OvmfPkg/AmdSev/Grub/grub.sh | 4 ++--
+ 2 files changed, 17 insertions(+), 9 deletions(-)
+
+diff --git a/OvmfPkg/AmdSev/Grub/grub.cfg b/OvmfPkg/AmdSev/Grub/grub.cfg
+index 17be942..93eea0b 100644
+--- a/OvmfPkg/AmdSev/Grub/grub.cfg
++++ b/OvmfPkg/AmdSev/Grub/grub.cfg
+@@ -10,16 +10,12 @@
+ ##
+
+ echo "Entering grub config"
+-sevsecret
++cryptomount -s efisecret
+ if [ $? -ne 0 ]; then
+ echo "Failed to locate anything in the SEV secret area, prompting for password"
++ echo "OR"
++ echo "Failed to mount root securely, retrying with password prompt"
+ cryptomount -a
+-else
+- cryptomount -s
+- if [ $? -ne 0 ]; then
+- echo "Failed to mount root securely, retrying with password prompt"
+- cryptomount -a
+- fi
+ fi
+ set root=
+ for f in (crypto*); do
+@@ -27,6 +23,18 @@ for f in (crypto*); do
+ set root=$f
+ set prefix=($root)/boot/grub
+ break;
++ elif [ -e $f/boot/grub2/grub.cfg ]; then
++ set root=$f
++ set prefix=($root)/boot/grub
++ break;
++ elif [ -e $f/grub/grub.cfg ]; then
++ set root=$f
++ set prefix=($root)/grub
++ break;
++ elif [ -e $f/grub2/grub.cfg ]; then
++ set root=$f
++ set prefix=($root)/grub2
++ break;
+ fi
+ done
+ if [ x$root = x ]; then
+diff --git a/OvmfPkg/AmdSev/Grub/grub.sh b/OvmfPkg/AmdSev/Grub/grub.sh
+index 99807d7..c8e57a1 100644
+--- a/OvmfPkg/AmdSev/Grub/grub.sh
++++ b/OvmfPkg/AmdSev/Grub/grub.sh
+@@ -42,9 +42,8 @@ GRUB_MODULES="
+ test
+ regexp
+ linux
+- linuxefi
+ reboot
+- sevsecret
++ efisecret
+ "
+ basedir=$(dirname -- "$0")
+
+@@ -85,6 +84,7 @@ mcopy -i "${basedir}/disk.fat" -- "${basedir}/grub.cfg" ::grub.cfg
+ ${mkimage} -O x86_64-efi \
+ -p '(crypto0)' \
+ -c "${basedir}/grub-bootstrap.cfg" \
++ -d "/opt/grub/lib/grub/x86_64-efi" \
+ -m "${basedir}/disk.fat" \
+ -o "${basedir}/grub.efi" \
+ ${GRUB_MODULES}
+--
+2.43.5
+
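Review bot: In grub.cfg's new `elif [ -e $f/boot/grub2/grub.cfg ]; then` branch the prefix is set to `set prefix=($root)/boot/grub` although the config was found under `boot/grub2`; the parallel `$f/grub2/grub.cfg` branch sets `($root)/grub2`, so this one should presumably read `set prefix=($root)/boot/grub2`, otherwise whatever later loads `$prefix/grub.cfg` (outside the hunk) looks in the wrong directory. In grub.sh the added `-d "/opt/grub/lib/grub/x86_64-efi"` hard-codes an out-of-tree build-host path with no check that it exists or matches the `${mkimage}` being run; because grub.efi is embedded in OVMF.fd and so becomes part of the launch-measured firmware, which module binaries land in the image now depends on unversioned host state rather than on the source tree. Making the directory overridable, `-d "${GRUB_MODDIR:-/opt/grub/lib/grub/x86_64-efi}"`, and stating the expected grub build in the script's header comment would at least make that dependency explicit. The `for f in (crypto*)` loop and its `if` chain open before the hunk.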
diff --git a/0050-OvmfPkg-AmdSev-Support-build-OVMF.fd-using-AmdSevX64.patch b/0050-OvmfPkg-AmdSev-Support-build-OVMF.fd-using-AmdSevX64.patch
new file mode 100644
index 0000000000000000000000000000000000000000..ca3abb2822e2fdaf561331f26a5b5c07b377fbfb
--- /dev/null
+++ b/0050-OvmfPkg-AmdSev-Support-build-OVMF.fd-using-AmdSevX64.patch
@@ -0,0 +1,61 @@
+From 95fb92a861b4cae3deec0300c173d896db3ed228 Mon Sep 17 00:00:00 2001
+From: hanliyang
+Date: Thu, 2 Jan 2025 11:09:42 +0000
+Subject: [PATCH 2/2] OvmfPkg/AmdSev: Support build OVMF.fd using AmdSevX64.dsc
+
+Signed-off-by: hanliyang
+---
+ OvmfPkg/AmdSev/AmdSevX64.dsc | 2 ++
+ OvmfPkg/AmdSev/AmdSevX64.fdf | 9 ++++++++-
+ 2 files changed, 10 insertions(+), 1 deletion(-)
+
+diff --git a/OvmfPkg/AmdSev/AmdSevX64.dsc b/OvmfPkg/AmdSev/AmdSevX64.dsc
+index 499ad2e..9a4a923 100644
+--- a/OvmfPkg/AmdSev/AmdSevX64.dsc
++++ b/OvmfPkg/AmdSev/AmdSevX64.dsc
+@@ -174,6 +174,7 @@
+ CustomizedDisplayLib|MdeModulePkg/Library/CustomizedDisplayLib/CustomizedDisplayLib.inf
+ FrameBufferBltLib|MdeModulePkg/Library/FrameBufferBltLib/FrameBufferBltLib.inf
+ BlobVerifierLib|OvmfPkg/AmdSev/BlobVerifierLibSevHashes/BlobVerifierLibSevHashes.inf
++ CsvLib|OvmfPkg/Library/CsvLib/CsvLib.inf
+
+ !if $(SOURCE_DEBUG_ENABLE) == TRUE
+ PeCoffExtraActionLib|SourceLevelDebugPkg/Library/PeCoffExtraActionLibDebug/PeCoffExtraActionLibDebug.inf
+@@ -828,6 +829,7 @@
+ OvmfPkg/PlatformDxe/Platform.inf
+ OvmfPkg/AmdSevDxe/AmdSevDxe.inf
+ OvmfPkg/IoMmuDxe/IoMmuDxe.inf
++ OvmfPkg/CsvDxe/CsvDxe.inf
+
+ #
+ # Variable driver stack (non-SMM)
+diff --git a/OvmfPkg/AmdSev/AmdSevX64.fdf b/OvmfPkg/AmdSev/AmdSevX64.fdf
+index 06ff2f1..5f239af 100644
+--- a/OvmfPkg/AmdSev/AmdSevX64.fdf
++++ b/OvmfPkg/AmdSev/AmdSevX64.fdf
+@@ -68,7 +68,13 @@ gUefiOvmfPkgTokenSpaceGuid.PcdQemuHashTableBase|gUefiOvmfPkgTokenSpaceGuid.PcdQe
+ 0x00D000|0x001000
+ gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecGhcbBackupBase|gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecGhcbBackupSize
+
+-0x010000|0x010000
++0x00E000|0x002000
++gUefiOvmfPkgTokenSpaceGuid.PcdCsvDefaultSecureCallBase|gUefiOvmfPkgTokenSpaceGuid.PcdCsvDefaultSecureCallSize
++
++0x010000|0x001000
++gUefiOvmfPkgTokenSpaceGuid.PcdOvmfCsvCpuidBase|gUefiOvmfPkgTokenSpaceGuid.PcdOvmfCsvCpuidSize
++
++0x011000|0x00F000
+ gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecPeiTempRamBase|gUefiOvmfPkgTokenSpaceGuid.PcdOvmfSecPeiTempRamSize
+
+ 0x020000|0x0E0000
+@@ -304,6 +310,7 @@ INF OvmfPkg/VirtioGpuDxe/VirtioGpu.inf
+ INF OvmfPkg/PlatformDxe/Platform.inf
+ INF OvmfPkg/AmdSevDxe/AmdSevDxe.inf
+ INF OvmfPkg/IoMmuDxe/IoMmuDxe.inf
++INF OvmfPkg/CsvDxe/CsvDxe.inf
+
+
+ #
+--
+2.43.5
+
diff --git a/edk2.spec b/edk2.spec
index af6002fcd457cf20a4311c22b465bb20b607a29d..74eec4fdae5e2269d607ad2b4a87a9179ec9a26d 100644
--- a/edk2.spec
+++ b/edk2.spec
@@ -8,7 +8,7 @@ ExclusiveArch: x86_64 aarch64
 Name: edk2
 Version: %{GITDATE}git%{GITCOMMIT}
-Release: 13%{anolis_release}%{?dist}.4
+Release: 13%{anolis_release}%{?dist}.5
 Summary: UEFI firmware for 64-bit virtual machines
 Group: Applications/Emulators
 License: BSD-2-Clause-Patent and OpenSSL and MIT
@@ -414,6 +414,8 @@ Patch1017: 0046-anolis-OvmfPkg-BaseMemEncryptLib-Return-SUCCESS-if-n.patch
 Patch1018: 0047-anolis-OvmfPkg-BaseMemEncryptLib-Save-memory-encrypt.patch
 Patch1019: 0048-OvmfPkg-AmdSev-SecretDxe-Allocate-secret-location-as.patch
+Patch1020: 0049-OvmfPkg-AmdSev-Support-full-disk-encryption-based-on.patch
+Patch1021: 0050-OvmfPkg-AmdSev-Support-build-OVMF.fd-using-AmdSevX64.patch
 
 
 # python3-devel and libuuid-devel are required for building tools.
 # python3-devel is also needed for varstore template generation and
@@ -859,6 +861,9 @@ true
 %endif
 
 %changelog
+* Wed Jan 01 2025 hanliyang - 20220126gitbb1bba3d77-13.0.1.5
+- Support build OVMF.fd based on full-disk encryption
+
 * Thu Dec 19 2024 Jiang Xin - 20220126gitbb1bba3d77-13.0.1.4
 - Support hygon CSV3 feature
 - Support SEV live migration
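Review bot: The fdf hunk shrinks the SEC/PEI temporary RAM range from `0x010000|0x010000` to `0x011000|0x00F000` (64 KiB to 60 KiB) to carve out the CSV secure-call and CPUID pages, but neither the one-line commit message nor a comment says whether the consumers of `PcdOvmfSecPeiTempRamSize` tolerate the smaller range. A comment above the new entries, e.g. `# CSV secure-call and CPUID pages, taken from the former SecPeiTempRam range`, plus a sentence in the commit message would make the layout change reviewable. The ranges stay contiguous (0x00E000+0x2000 = 0x010000, 0x010000+0x1000 = 0x011000, 0x011000+0xF000 = 0x020000), so the layout itself looks consistent. The `CsvLib` and `CsvDxe` additions in the .dsc hunks are likewise unexplained beyond the Subject line.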