drivers/virt/coco/guest

Confidential VM Guest Attestation (AMD SEV-SNP and Intel TDX TSM)

Common guest-side support for confidential virtual machines on AMD SEV-SNP or Intel TDX hardware, exposing attestation reports and measurement registers so a VM can cryptographically prove what it is running to a remote party. It underpins confidential-computing offerings from cloud providers like Google Cloud on current AMD EPYC and Intel server CPUs.

keep conf=0.91 deploy=medium replacement=none subsystem=virt category=virtualization

recommendation

It should stay in the kernel because this is brand-new code (landed in early 2025) providing the shared guest-side plumbing that confidential virtual machines use to fetch and verify hardware attestation reports. The underlying CPUs (AMD EPYC with SEV-SNP and Intel processors with TDX) are actively sold in 2025 and used by major cloud providers like Google Cloud for confidential-VM offerings, so this code is on a growth trajectory rather than a retirement one.

repository signals

4 files
790 source lines
6 commits, 5y
+530 / −8 lines added / removed, 5y
4 authors, 5y
monthly commits · 2021-04-21 → 2026-04-21 · 6 total · active in 3/61 months
Months with commits: 2025-03: 1 commit · +522 −0; 2025-05: 2 commits · +4 −4; 2026-02: 3 commits · +4 −4. All other months in the range: 0 commits · +0 −0.

sources

  1. git.zx2c4.com

    The directory was created in 2025 as shared guest confidential-computing infrastructure, explicitly as preparation for further TSM guest functionality rather than retirement.

  2. docs.cloud.google.com

    Current cloud documentation describes attestation reports for Confidential VMs using hardware-based TSMs from AMD SEV-SNP and Intel TDX, showing active present-day deployment and user-facing consumption.

  3. amd.com

    AMD states SEV is available on current EPYC 7000/8000/9000 server CPUs and offered by major cloud providers, indicating the underlying confidential-VM hardware ecosystem is still sold and deployed.

codex reasoning notes (technical)

Local shell inspection showed this is real kernel module code (configfs-backed tsm_reports plus tsm-mr helper exports), not docs/helpers. Local shell git log showed the directory first landed in March/May 2025 and only has later treewide churn, with no age-based stagnation signal. Web search/open on the git.zx2c4 commit page was used to confirm the 2025 introduction rationale; web-open on Google Cloud attestation docs and AMD confidential-computing docs was used for current deployment evidence. I found no removal discussion in the limited lore/web search window, and the code serves active confidential-VM guest attestation/measurement flows rather than obsolete hardware, so deprecation is not indicated.