diff --git a/SOURCES/edk2-OvmfPkg-AmdSev-SecretPei-Mark-SEV-launch-secret-area.patch b/SOURCES/edk2-OvmfPkg-AmdSev-SecretPei-Mark-SEV-launch-secret-area.patch
new file mode 100644
index 0000000..2a92c02
--- /dev/null
+++ b/SOURCES/edk2-OvmfPkg-AmdSev-SecretPei-Mark-SEV-launch-secret-area.patch
@@ -0,0 +1,51 @@
+From c4096f74a41bde4fc62576222e0c9622152d7701 Mon Sep 17 00:00:00 2001
+From: Pawel Polawski <ppolawsk@redhat.com>
+Date: Tue, 4 Jan 2022 15:16:40 +0800
+Subject: [PATCH 2/2] OvmfPkg/AmdSev/SecretPei: Mark SEV launch secret area as
+ reserved
+
+RH-Author: Pawel Polawski <ppolawsk@redhat.com>
+RH-MergeRequest: 10: OvmfPkg/AmdSev/SecretPei: Mark SEV launch secret area as reserved
+RH-Commit: [1/1] a8f099d508e2e7b39697945acaa767c43577b1e6 (elkoniu/edk2)
+RH-Bugzilla: 2041754
+RH-Acked-by: Oliver Steffen <osteffen@redhat.com>
+RH-Acked-by: Gerd Hoffmann <kraxel@redhat.com>
+
+Mark the SEV launch secret MEMFD area as reserved, which will allow the
+guest OS to use it during the lifetime of the OS, without creating
+copies of the sensitive content.
+
+Cc: Ard Biesheuvel <ardb+tianocore@kernel.org>
+Cc: Jordan Justen <jordan.l.justen@intel.com>
+Cc: Gerd Hoffmann <kraxel@redhat.com>
+Cc: Brijesh Singh <brijesh.singh@amd.com>
+Cc: Erdem Aktas <erdemaktas@google.com>
+Cc: James Bottomley <jejb@linux.ibm.com>
+Cc: Jiewen Yao <jiewen.yao@intel.com>
+Cc: Min Xu <min.m.xu@intel.com>
+Cc: Tom Lendacky <thomas.lendacky@amd.com>
+Cc: Tobin Feldman-Fitzthum <tobin@linux.ibm.com>
+Signed-off-by: Dov Murik <dovmurik@linux.ibm.com>
+Acked-by: Gerd Hoffmann <kraxel@redhat.com>
+Acked-by: Jiewen Yao <Jiewen.Yao@intel.com>
+Reviewed-by: Brijesh Singh <brijesh.singh@amd.com>
+---
+ OvmfPkg/AmdSev/SecretPei/SecretPei.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/OvmfPkg/AmdSev/SecretPei/SecretPei.c b/OvmfPkg/AmdSev/SecretPei/SecretPei.c
+index db94c26b54..6bf1a55dea 100644
+--- a/OvmfPkg/AmdSev/SecretPei/SecretPei.c
++++ b/OvmfPkg/AmdSev/SecretPei/SecretPei.c
+@@ -19,7 +19,7 @@ InitializeSecretPei (
+   BuildMemoryAllocationHob (
+     PcdGet32 (PcdSevLaunchSecretBase),
+     ALIGN_VALUE (PcdGet32 (PcdSevLaunchSecretSize), EFI_PAGE_SIZE),
+-    EfiBootServicesData
++    EfiReservedMemoryType
+     );
+ 
+   return EFI_SUCCESS;
+-- 
+2.27.0
+
diff --git a/SOURCES/edk2-ovmf-amdsev.json b/SOURCES/edk2-ovmf-amdsev.json
new file mode 100644
index 0000000..a5fbf85
--- /dev/null
+++ b/SOURCES/edk2-ovmf-amdsev.json
@@ -0,0 +1,30 @@
+{
+    "description": "OVMF with SEV-ES support",
+    "interface-types": [
+        "uefi"
+    ],
+    "mapping": {
+        "device": "flash",
+	"mode": "stateless",
+        "executable": {
+            "filename": "/usr/share/edk2/ovmf/OVMF.amdsev.fd",
+            "format": "raw"
+        }
+    },
+    "targets": [
+        {
+            "architecture": "x86_64",
+            "machines": [
+                "pc-q35-rhel8.5.0"
+            ]
+        }
+    ],
+    "features": [
+        "amd-sev",
+        "amd-sev-es",
+        "verbose-dynamic"
+    ],
+    "tags": [
+
+    ]
+}
diff --git a/SPECS/edk2.spec b/SPECS/edk2.spec
index 5836d90..28b8bcf 100644
--- a/SPECS/edk2.spec
+++ b/SPECS/edk2.spec
@@ -24,7 +24,7 @@ ExclusiveArch: x86_64 aarch64
 
 Name:       edk2
 Version:    %{GITDATE}git%{GITCOMMIT}
-Release:    2%{?dist}
+Release:    3%{?dist}
 Summary:    UEFI firmware for 64-bit virtual machines
 License:    BSD-2-Clause-Patent and OpenSSL and MIT
 URL:        http://www.tianocore.org
@@ -45,6 +45,7 @@ Source11: edk2-aarch64.json
 Source12: edk2-ovmf-sb.json
 Source13: edk2-ovmf.json
 Source14: edk2-ovmf-cc.json
+Source15: edk2-ovmf-amdsev.json
 
 Patch0008: 0008-BaseTools-do-not-build-BrotliCompress-RH-only.patch
 Patch0009: 0009-MdeModulePkg-remove-package-private-Brotli-include-p.patch
@@ -93,6 +94,8 @@ Patch49: edk2-OvmfPkg-drop-TPM_CONFIG_ENABLE.patch
 Patch50: edk2-OvmfPkg-create-Tcg12ConfigPei.inf.patch
 # For bz#1935497 - edk2  implements and/or uses the deprecated MD5 and SHA-1 algorithms by default
 Patch51: edk2-OvmfPkg-rework-TPM-configuration.patch
+# For bz#2041755 - Mark SEV launch secret area as reserved
+Patch52: edk2-OvmfPkg-AmdSev-SecretPei-Mark-SEV-launch-secret-area.patch
 
 
 # python3-devel and libuuid-devel are required for building tools.
@@ -201,7 +204,7 @@ git config am.keepcr true
 %autosetup -T -D -n edk2-%{GITCOMMIT} -S git_am
 
 cp -a -- %{SOURCE1} %{SOURCE3} .
-cp -a -- %{SOURCE10} %{SOURCE11} %{SOURCE12} %{SOURCE13} %{SOURCE14} .
+cp -a -- %{SOURCE10} %{SOURCE11} %{SOURCE12} %{SOURCE13} %{SOURCE14} %{SOURCE15} .
 tar -C CryptoPkg/Library/OpensslLib -a -f %{SOURCE2} -x
 
 # Format the Red Hat-issued certificate that is to be enrolled as both Platform
@@ -293,6 +296,11 @@ build ${OVMF_FLAGS} -a X64 \
 build ${OVMF_SB_FLAGS} -a IA32 -a X64 \
   -p OvmfPkg/OvmfPkgIa32X64.dsc
 
+# Build AmdSev
+touch OvmfPkg/AmdSev/Grub/grub.efi   # dummy
+build ${OVMF_FLAGS} -a X64 \
+  -p OvmfPkg/AmdSev/AmdSevX64.dsc
+
 # Sanity check: the varstore templates must be identical.
 cmp Build/OvmfX64/DEBUG_%{TOOLCHAIN}/FV/OVMF_VARS.fd \
   Build/Ovmf3264/DEBUG_%{TOOLCHAIN}/FV/OVMF_VARS.fd
@@ -368,6 +376,9 @@ install -m 0644 Build/Ovmf3264/DEBUG_%{TOOLCHAIN}/FV/OVMF_VARS.secboot.fd \
 install -m 0644 Build/Ovmf3264/DEBUG_%{TOOLCHAIN}/X64/UefiShell.iso \
   %{buildroot}%{_datadir}/%{name}/ovmf/UefiShell.iso
 
+install -m 0644 Build/AmdSev/DEBUG_%{TOOLCHAIN}/FV/OVMF.fd \
+  %{buildroot}%{_datadir}/%{name}/ovmf/OVMF.amdsev.fd
+
 ln -s ../%{name}/ovmf/OVMF_CODE.secboot.fd %{buildroot}%{_datadir}/OVMF/
 ln -s ../%{name}/ovmf/OVMF_VARS.fd         %{buildroot}%{_datadir}/OVMF/
 ln -s ../%{name}/ovmf/OVMF_VARS.secboot.fd %{buildroot}%{_datadir}/OVMF/
@@ -384,6 +395,8 @@ install -m 0644 edk2-ovmf.json \
   %{buildroot}%{_datadir}/qemu/firmware/50-edk2-ovmf.json
 install -m 0644 edk2-ovmf-cc.json \
   %{buildroot}%{_datadir}/qemu/firmware/50-edk2-ovmf-cc.json
+install -m 0644 edk2-ovmf-amdsev.json \
+  %{buildroot}%{_datadir}/qemu/firmware/50-edk2-ovmf-amdsev.json
 
 # endif build_ovmf
 %endif
@@ -474,6 +487,7 @@ KERNEL_IMG=$(rpm -q -l $KERNEL_PKG | egrep '^/lib/modules/[^/]+/vmlinuz$')
 %{_datadir}/%{name}/ovmf/OVMF_CODE.secboot.fd
 %{_datadir}/%{name}/ovmf/OVMF_VARS.fd
 %{_datadir}/%{name}/ovmf/OVMF_VARS.secboot.fd
+%{_datadir}/%{name}/ovmf/OVMF.amdsev.fd
 %{_datadir}/%{name}/ovmf/UefiShell.iso
 %{_datadir}/OVMF/OVMF_CODE.secboot.fd
 %{_datadir}/OVMF/OVMF_VARS.fd
@@ -483,6 +497,7 @@ KERNEL_IMG=$(rpm -q -l $KERNEL_PKG | egrep '^/lib/modules/[^/]+/vmlinuz$')
 %{_datadir}/%{name}/ovmf/EnrollDefaultKeys.efi
 %{_datadir}/qemu/firmware/40-edk2-ovmf-sb.json
 %{_datadir}/qemu/firmware/50-edk2-ovmf-cc.json
+%{_datadir}/qemu/firmware/50-edk2-ovmf-amdsev.json
 %{_datadir}/qemu/firmware/50-edk2-ovmf.json
 # endif build_ovmf
 %endif
@@ -531,6 +546,14 @@ KERNEL_IMG=$(rpm -q -l $KERNEL_PKG | egrep '^/lib/modules/[^/]+/vmlinuz$')
 
 
 %changelog
+* Wed Feb 23 2022 Miroslav Rezanina <mrezanin@redhat.com> - 20220126gitbb1bba3d77-3
+- edk2-spec-build-amdsev-variant.patch [bz#2054661]
+- edk2-OvmfPkg-AmdSev-SecretPei-Mark-SEV-launch-secret-area.patch [bz#2041755]
+- Resolves: bz#2054661
+  (RFE:  Support measured AMD SEV boot with kernel/initrd/cmdline in OVMF)
+- Resolves: bz#2041755
+  (Mark SEV launch secret area as reserved)
+
 * Tue Feb 08 2022 Miroslav Rezanina <mrezanin@redhat.com> - 20220126gitbb1bba3d77-2
 - edk2-OvmfPkg-remove-unused-TPM-options-from-MicrovmX64.ds.patch [bz#1935497]
 - edk2-OvmfPkg-move-tcg-configuration-to-dsc-and-fdf-includ.patch [bz#1935497]