drivers/virt/coco/sev-guest

AMD SEV-SNP confidential VM guest interface

A guest-side interface for virtual machines running on AMD EPYC servers that use SEV-SNP, AMD's confidential-computing technology. It exposes /dev/sev-guest so software inside the VM can request signed attestation reports and derived keys from the AMD Platform Security Processor, proving to remote parties that the VM is running on genuine, properly configured hardware.

keep conf=0.94 deploy=medium replacement=none subsystem=virt category=virtualization

recommendation

It should stay in the kernel because AMD SEV-SNP is a current feature of EPYC server processors and is actively offered by major clouds, including Google Cloud's Confidential VMs, which specifically rely on /dev/sev-guest for attestation. The code is also under active upstream maintenance, with substantive fixes and feature work landing through 2024 and 2025.

repository signals

3 files
715 source lines
47 commits, 5y
+1,864 / −1,134 lines added / removed, 5y
16 authors, 5y
monthly commits · 2021-04-21 → 2026-04-21 · 47 total · active in 21/61 months
months with commits (every other month in the range: 0 commits · +0 −0)

  2022-04: 2 commits · +857 −35
  2022-07: 1 commit · +6 −3
  2022-10: 1 commit · +1 −3
  2022-11: 2 commits · +71 −14
  2023-01: 1 commit · +1 −0
  2023-02: 6 commits · +70 −38
  2023-03: 3 commits · +89 −54
  2023-07: 1 commit · +32 −12
  2023-10: 2 commits · +161 −20
  2023-12: 1 commit · +2 −4
  2024-03: 1 commit · +6 −1
  2024-04: 1 commit · +14 −14
  2024-06: 4 commits · +199 −5
  2024-07: 5 commits · +70 −131
  2024-10: 4 commits · +189 −287
  2024-12: 2 commits · +2 −1
  2025-01: 4 commits · +24 −470
  2025-03: 3 commits · +49 −21
  2025-06: 1 commit · +6 −3
  2025-07: 1 commit · +12 −15
  2026-02: 1 commit · +3 −3

sources

  1. github.com

    In-tree Kconfig describes this as the 'AMD SEV Guest driver' and says it exposes a userspace interface for attestation reports and related PSP communication.

  2. github.com

    The driver received a substantive upstream fix in 2025 ('virt: sev-guest: Satisfy linear mapping requirement in get_derived_key()'), indicating active maintenance rather than retirement.

  3. github.com

    The driver gained reporting integration work in 2024 ('virt: sevguest: Add TSM_REPORTS support for SNP_GET_EXT_REPORT'), showing feature evolution.

  4. amd.com

    AMD documents SEV/SEV-SNP as a current confidential-computing feature of AMD EPYC server CPUs, so the underlying platform is still current rather than legacy-only.

  5. cloud.google.com

    Google Cloud still documents AMD SEV-SNP Confidential VM support and explicitly references guest attestation support tied to '/dev/sev-guest', evidencing present-day deployment.

codex reasoning notes (technical)

Real driver, not a helper/test: local shell inspection of Kconfig and sev-guest.c showed a module_platform_driver_probe()-registered platform driver and miscdevice for SNP guest attestation. Local `git log` on the directory showed steady 2024-2025 upstream activity and no removal/deprecation commits; no active removal signal was found in the local history checks. The three GitHub URLs were obtained by combining local `git remote -v` (upstream torvalds/linux) with the path/commit hashes from local `git log` and `sed`. The AMD and Google Cloud URLs were obtained via web search. Conclusion: this is a current confidential-VM guest driver with ongoing upstream work and live cloud deployments, so keep it.