drivers/virt/coco

Confidential Computing guest support (AMD SEV-SNP, Intel TDX, Arm CCA, pKVM)

Guest-side support for confidential virtual machines, where the VM's memory is encrypted and attested by the CPU so the host hypervisor cannot read or tamper with it. It covers AMD SEV-SNP on EPYC, Intel TDX on 4th Gen Xeon and later, Arm's Confidential Compute Architecture, and pKVM, and is used today by cloud providers offering confidential-VM instances.

keep conf=0.84 deploy=medium replacement=none subsystem=virt category=virtualization

recommendation

It should stay because this is the active in-tree home for Linux guests running inside hardware-encrypted, attestation-capable VMs on current Intel Xeon (4th Gen and newer, via TDX) and AMD EPYC (via SEV-SNP) server CPUs, plus emerging Arm CCA and pKVM equivalents. Upstream commits continue into 2026 and the documentation for both SEV and TDX guest ABIs is maintained, with no removal discussion visible on the mailing lists.

repository signals

22 files
2,763 source lines
90 commits, 5y
+4,317 / −1,435 lines added / removed, 5y
31 authors, 5y
monthly commits · 2021-04-21 → 2026-04-21 · 90 total · active in 35/61 months
  2021 (Apr–Dec): no commits in any month
  2022: Feb 1 commit (+45 −0); Mar 2 commits (+811 −2); Apr 6 commits (+396 −61); Jul 1 commit (+6 −3); Oct 1 commit (+1 −3); Nov 3 commits (+185 −14); all other months 0
  2023: Jan 1 commit (+1 −0); Feb 6 commits (+70 −38); Mar 3 commits (+89 −54); Jul 1 commit (+32 −12); Aug 1 commit (+16 −0); Sep 2 commits (+660 −1); Oct 2 commits (+161 −20); Dec 2 commits (+4 −7); all other months 0
  2024: Mar 1 commit (+6 −1); Apr 1 commit (+14 −14); May 2 commits (+9 −38); Jun 5 commits (+358 −55); Jul 5 commits (+70 −131); Aug 3 commits (+142 −0); Sep 1 commit (+0 −1); Oct 5 commits (+429 −287); Dec 5 commits (+12 −8); all other months 0
  2025: Jan 4 commits (+24 −470); Mar 4 commits (+86 −50); Apr 1 commit (+29 −2); May 7 commits (+449 −100); Jun 1 commit (+6 −3); Jul 1 commit (+12 −15); Sep 1 commit (+1 −1); Oct 3 commits (+169 −2); Dec 1 commit (+2 −0); all other months 0
  2026 (Jan–Apr): Jan 2 commits (+0 −30); Feb 4 commits (+12 −10); Mar 1 commit (+10 −2); Apr 0 commits

sources

  1. git.kernel.org

    The directory is under active upstream development; local git history shows substantive commits through 2026-01-23, not a dormant legacy driver.

  2. docs.kernel.org

    Upstream kernel documentation covers a current SEV-SNP guest ABI under drivers/virt/coco, indicating maintained in-tree functionality for AMD confidential VMs.

  3. docs.kernel.org

    Upstream kernel documentation covers a current Intel TDX guest ABI under drivers/virt/coco, indicating maintained in-tree functionality for Intel confidential VMs.

  4. intel.com

    Intel states TDX is present from 4th Gen Xeon onward and on newer generations, showing the hardware class is current rather than obsolete.

  5. amd.com

    AMD documents SEV/SEV-SNP across multiple EPYC generations including 8004/9004/9005, showing ongoing new-platform relevance.

codex reasoning notes (technical)

Not an early-exit case: this is an active confidential-computing guest-driver family directory, even though it also contains umbrella Kconfig/Makefile glue. Local shell inspection showed multiple real driver subdirs plus tsm-core, and local `git log` showed recent substantive activity through 2026-01-23; the kernel.org log URL is a canonical-recall companion for that shell-derived history. `web.search_query` obtained the docs.kernel.org SEV and TDX pages and official Intel/AMD pages. A direct `web.search_query` against lore.kernel.org for this area returned no results for removal/deprecation terms, so there is no visible removal signal in the evidence gathered. Deployment is best rated medium: confidential VMs are still niche versus generic virt, but they are actively deployed in cloud/server environments and tied to currently sold Xeon and EPYC generations.