drivers/virt/coco/efi_secret

EFI Confidential Computing Secret Area

A small guest-side helper for confidential virtual machines that exposes secrets injected by the EFI firmware (such as disk-unlock keys passed in by a cloud tenant) to userspace through securityfs. It is used on AMD SEV and Intel TDX confidential VMs, was added in 2022, and gained arm64 support in 2025.

keep conf=0.88 deploy=medium replacement=none subsystem=virt category=virtualization

recommendation

It should stay because this is the kernel-side path that lets confidential VMs on AMD SEV and Intel TDX read secrets the firmware injected at boot, and it is actively maintained: a locking fix landed in May 2024 and an arm64 enablement series was merged in September 2025. Confidential computing remains a current product line on EPYC and Xeon hardware sold in 2025, and no other in-tree module replaces this functionality.

repository signals

3 files
319 source lines
6 commits, 5y
+380 / −43 lines added / removed, 5y
5 authors, 5y
monthly commits · 2021-04-21 → 2026-04-21 · 6 total · active in 5/61 months
active months only (every other month in the 2021-04 → 2026-04 window has 0 commits · +0 −0):
  2022-04: 1 commit · +367 −0
  2023-12: 1 commit · +2 −3
  2024-05: 2 commits · +9 −38
  2024-12: 1 commit · +1 −1
  2025-09: 1 commit · +1 −1

sources

  1. lore.kernel.org

    Initial upstream posting adds the efi_secret module to expose confidential-computing secrets via securityfs; establishes this as a real guest-facing driver/module rather than dead scaffolding.

  2. lists.infradead.org

    September 2025 patch series enables EFI secret-area securityfs support on arm64, showing active expansion to new confidential-computing guest deployments rather than retirement.

  3. spinics.net

    May 2024 upstream patch fixes locking in efi_secret_unlink(), indicating real maintenance/bug-fix attention in the last two years.

  4. docs.kernel.org

    Kernel documentation describes the EFI secret area flow and states the module exposes injected confidential-computing secrets to userspace via securityfs.

  5. intel.com

    Intel markets TDX as a current confidential-VM technology and lists current cloud availability, supporting ongoing new deployments in the mid-2020s.

  6. amd.com

    AMD states SEV is built into current EPYC server CPU families and available across major cloud providers, supporting that the surrounding platform is still sold and deployed.

codex reasoning notes (technical)

Keep. Local source inspection (`sed`) and git history (`git -c safe.directory log/show`) show a small but live guest support driver added in 2022, with real fixes in 2024 and arm64 enablement merged in September 2025. The 2025 arm64 series broadens applicability to newer confidential-computing guests, which argues against deprecation. No natural in-tree replacement driver exists; this module is the kernel-side exposure path for EFI secret-area injection. Deployment is not mass-market client hardware, but confidential VMs on AMD SEV and Intel TDX remain active cloud/server niches, so `medium` is the right present-day level. URL provenance: initial lore URL came directly from `git log` Link tag; arm64 and 2024 maintenance URLs came from targeted web searches of mailing-list archives; docs.kernel.org URL is canonical recall corroborated by local `Documentation/security/secrets/coco.rst`; Intel and AMD URLs came from web search.