diff --git a/hypervisor/arch/x86/boot/cpu_primary.S b/hypervisor/arch/x86/boot/cpu_primary.S
index a22364e98..a53d008ce 100644
--- a/hypervisor/arch/x86/boot/cpu_primary.S
+++ b/hypervisor/arch/x86/boot/cpu_primary.S
@@ -115,8 +115,14 @@ relocatable_tag_end:
 mb2_header_end:
 #endif
 
+    /*
+     * The page tables are aligned to 4KB, which implicitly aligns this section at
+     * 4KB boundary. Put an extra .align here to explicitly state that regardless
+     * the actual length of the multiboot header section, this section will be linked
+     * at offset 0x1000 to the beginning of the target executable.
+     */
+    .align      0x1000
     .section    entry, "ax"
-
     .align      8
     .code32
 
@@ -210,8 +216,13 @@ jmpbuf_32:
     /* 0x0008 = HOST_GDT_RING0_CODE_SEL */
     .word 0x0008
 
-    .code64
+    /*
+     * Offset from the beginning of the entry section.
+     * This is to make sure that cpu_primary_start_64 is linked to a known address
+     * so that efi-stub knows where to pass control to hypervisor.
+     */
     .org 0x200
+    .code64
     .global     cpu_primary_start_64
 cpu_primary_start_64:
     /* save the MULTBOOT magic number & MBI */
@@ -252,11 +263,10 @@ primary_start_long_mode:
     lea     after(%rip), %rbx
     mov     %rbx, (%rax)
     rex.w ljmp  *(%rax)
-.data
 jmpbuf_64: .quad 0
 	/* 0x0008 = HOST_GDT_RING0_CODE_SEL */
         .word 0x0008
-.text
+
 after:
     /* 0x10 = HOST_GDT_RING0_DATA_SEL*/
     movl    $0x10,%eax
diff --git a/misc/efi-stub/boot.c b/misc/efi-stub/boot.c
index 7378c339b..529775dbf 100644
--- a/misc/efi-stub/boot.c
+++ b/misc/efi-stub/boot.c
@@ -94,14 +94,10 @@ static inline void hv_jump(EFI_PHYSICAL_ADDRESS hv_start,
 
 	efi_ctx->vcpu_regs.rip = (uint64_t)&guest_entry;
 
-	/* The 64-bit entry of acrn hypervisor is 0x200 from the start
-	 * address of hv image. But due to there is multiboot header,
-	 * so it has to be added with 0x10.
-	 *
-	 * FIXME: The hardcode value 0x210 should be worked out
-	 * from the link address of cpu_primary_start_64 in acrn.out
+	/* The 64-bit entry of acrn hypervisor is 0x1200 from the start
+	 * address of hv image.
 	 */
-	hf = (hv_func)(hv_start + 0x210);
+	hf = (hv_func)(hv_start + 0x1200);
 
 	asm volatile ("cli");