diff --git a/src/runtime/virtcontainers/hypervisor_linux_amd64.go b/src/runtime/virtcontainers/hypervisor_linux_amd64.go
index 043b36c9f5..304d0446a4 100644
--- a/src/runtime/virtcontainers/hypervisor_linux_amd64.go
+++ b/src/runtime/virtcontainers/hypervisor_linux_amd64.go
@@ -12,6 +12,8 @@ const (
 
 tdxSysFirmwareDir = "/sys/firmware/tdx/"
 
+ tdxCPUFlag = "tdx"
+
 sevKvmParameterPath = "/sys/module/kvm_amd/parameters/sev"
 
 snpKvmParameterPath = "/sys/module/kvm_amd/parameters/sev_snp"
@@ -19,6 +21,10 @@ const (
 
 // TDX is supported and properly loaded when the firmware directory (either tdx or tdx_seam) exists or `tdx` is part of the CPU flag
 func checkTdxGuestProtection(flags map[string]bool) bool {
+ if flags[tdxCPUFlag] {
+ return true
+ }
+
 if d, err := os.Stat(tdxSysFirmwareDir); err == nil && d.IsDir() {
 return true
 }
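Review bot: In checkTdxGuestProtection the new `if flags[tdxCPUFlag]` branch returns true before the `os.Stat(tdxSysFirmwareDir)` check, so a CPU flag alone now satisfies a function whose comment promises TDX is "supported and properly loaded". A cpuinfo-style flag normally shows that the CPU or kernel advertises a feature, not that the TDX module was initialised, so a host with the flag but no usable TDX would be reported as protected; whether that fails closed at VM launch depends on callers outside this hunk. The lookup is also an exact match on `"tdx"`, while mainline kernels, as far as I know, report `tdx_host_platform` on hosts, so it is worth confirming which kernels set the bare flag. I would record the assumption above the branch, e.g. `// "tdx" flag alone is accepted; it signals capability only, so VM launch must fail closed if TDX is not initialised`. The function body continues past the end of the hunk.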