linux-drivers/
drivers/virt/coco/pkvm-guest

Arm pKVM Protected Guest Support

Guest-side support code that lets a Linux virtual machine run as a "protected" guest under Arm's pKVM (protected KVM) hypervisor, where the host kernel cannot read the guest's memory. It targets confidential-computing scenarios on recent ARM64 server and mobile platforms, handling the hypercalls and memory-sharing protocol the guest needs to talk safely to its host.

keep conf=0.87 deploy=low replacement=none subsystem=virt category=virtualization
87%

recommendation

It should stay because this is brand-new code, first merged in August 2024 and still receiving fixes as recently as December 2024, and it underpins confidential-computing workloads on modern ARM64 hardware. Removing or deprecating it would make no sense so soon after introduction, especially while Arm's protected virtualization story is still rolling out in production silicon and cloud deployments.

repository signals

3 files
123 source lines
4 commits, 5y
+140 / −5 lines added / removed, 5y
1 authors, 5y
monthly commits · 2021-04-21 → 2026-04-21 · 4 total · active in 2/61 months
2021 2022 2023 2024 2025 2026 2021-04: 0 commits · +0 −0 2021-05: 0 commits · +0 −0 2021-06: 0 commits · +0 −0 2021-07: 0 commits · +0 −0 2021-08: 0 commits · +0 −0 2021-09: 0 commits · +0 −0 2021-10: 0 commits · +0 −0 2021-11: 0 commits · +0 −0 2021-12: 0 commits · +0 −0 2022-01: 0 commits · +0 −0 2022-02: 0 commits · +0 −0 2022-03: 0 commits · +0 −0 2022-04: 0 commits · +0 −0 2022-05: 0 commits · +0 −0 2022-06: 0 commits · +0 −0 2022-07: 0 commits · +0 −0 2022-08: 0 commits · +0 −0 2022-09: 0 commits · +0 −0 2022-10: 0 commits · +0 −0 2022-11: 0 commits · +0 −0 2022-12: 0 commits · +0 −0 2023-01: 0 commits · +0 −0 2023-02: 0 commits · +0 −0 2023-03: 0 commits · +0 −0 2023-04: 0 commits · +0 −0 2023-05: 0 commits · +0 −0 2023-06: 0 commits · +0 −0 2023-07: 0 commits · +0 −0 2023-08: 0 commits · +0 −0 2023-09: 0 commits · +0 −0 2023-10: 0 commits · +0 −0 2023-11: 0 commits · +0 −0 2023-12: 0 commits · +0 −0 2024-01: 0 commits · +0 −0 2024-02: 0 commits · +0 −0 2024-03: 0 commits · +0 −0 2024-04: 0 commits · +0 −0 2024-05: 0 commits · +0 −0 2024-06: 0 commits · +0 −0 2024-07: 0 commits · +0 −0 2024-08: 3 commits · +139 −0 2024-09: 0 commits · +0 −0 2024-10: 0 commits · +0 −0 2024-11: 0 commits · +0 −0 2024-12: 1 commit · +1 −5 2025-01: 0 commits · +0 −0 2025-02: 0 commits · +0 −0 2025-03: 0 commits · +0 −0 2025-04: 0 commits · +0 −0 2025-05: 0 commits · +0 −0 2025-06: 0 commits · +0 −0 2025-07: 0 commits · +0 −0 2025-08: 0 commits · +0 −0 2025-09: 0 commits · +0 −0 2025-10: 0 commits · +0 −0 2025-11: 0 commits · +0 −0 2025-12: 0 commits · +0 −0 2026-01: 0 commits · +0 −0 2026-02: 0 commits · +0 −0 2026-03: 0 commits · +0 −0 2026-04: 0 commits · +0 −0

sources

  1. git.kernel.org

    Initial upstream addition of the Arm pKVM protected guest driver on 2024-08-30, indicating a new driver rather than legacy code awaiting retirement.

  2. git.kernel.org

    Follow-up functional fix landed on 2024-12-03, showing continued upstream maintenance after introduction.

  3. cateee.net

    CONFIG_ARM_PKVM_GUEST is present in mainline kernels 6.12 through 6.19 and 7.0-rc+HEAD, confirming this is current upstream guest-support code, not removed or orphaned legacy hardware support.

codex reasoning notes (technical)

Local shell inspection of Kconfig and arm-pkvm-guest.c showed this directory is real kernel driver code for Arm pKVM protected guests, though it is a guest/virtualization driver rather than a physical-device bus driver. Local shell git log showed only four commits, all between 2024-08-30 and 2024-12-03, with no sign of long-term stagnation; canonical kernel.org commit URLs were formed from those observed hashes. Web search returned the LKDDb page, which confirms the config remains present in current kernels. No removal discussion evidence was found in the available tooling; given the driver's very recent introduction and ongoing confidential-computing relevance on new ARM64 systems, deprecation would be premature. Deployments are likely niche but current, so keep.