From 4bd322d4fae51433f7a1fe71b29147deb172fd59 Mon Sep 17 00:00:00 2001
From: Jiaqi Gao <jiaqi.gao@intel.com>
Date: Thu, 9 Dec 2021 10:13:51 +0800
Subject: [PATCH] OvmfPkg: enable stack NX in OvmfPkgX64.dsc rather than .dec

Signed-off-by: Jiaqi Gao <jiaqi.gao@intel.com>
---
 OvmfPkg/OvmfPkg.dec    | 2 +-
 OvmfPkg/OvmfPkgX64.dsc | 1 +
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/OvmfPkg/OvmfPkg.dec b/OvmfPkg/OvmfPkg.dec
index f610ee74dcb..46f24c3fcc0 100644
--- a/OvmfPkg/OvmfPkg.dec
+++ b/OvmfPkg/OvmfPkg.dec
@@ -338,7 +338,7 @@
   gUefiOvmfPkgTokenSpaceGuid.PcdUseTdxMsr|TRUE|BOOLEAN|0x56
 
   gUefiOvmfPkgTokenSpaceGuid.PcdTdxAcceptChunkSize|0x2000000|UINT64|0x59
-  gUefiOvmfPkgTokenSpaceGuid.PcdTdxSetNxForStack|TRUE|BOOLEAN|0x5b
+  gUefiOvmfPkgTokenSpaceGuid.PcdTdxSetNxForStack|FALSE|BOOLEAN|0x5b
   gUefiOvmfPkgTokenSpaceGuid.PcdTdxPteMemoryEncryptionAddressOrMask|0|UINT64|0x5c
 
   ## The Tdx accept page size. 0x1000,0x200000
diff --git a/OvmfPkg/OvmfPkgX64.dsc b/OvmfPkg/OvmfPkgX64.dsc
index bbc58e92c75..f0dbcb972a2 100644
--- a/OvmfPkg/OvmfPkgX64.dsc
+++ b/OvmfPkg/OvmfPkgX64.dsc
@@ -637,6 +637,7 @@
   # TDX doesn't allow us to change EFER so make sure these are disabled
   #gEfiMdeModulePkgTokenSpaceGuid.PcdSetNxForStack|FALSE
   gEfiMdeModulePkgTokenSpaceGuid.PcdUse1GPageTable|TRUE
+  gUefiOvmfPkgTokenSpaceGuid.PcdTdxSetNxForStack|TRUE
 
   # Set memory encryption mask
   gUefiOvmfPkgTokenSpaceGuid.PcdTdxPteMemoryEncryptionAddressOrMask|0x0