diff --git a/include/libvirt/libvirt-host.h b/include/libvirt/libvirt-host.h
index e1735539258a76345145da0f571a42af3efeb8f0..3112f2b676175c252bbe2cc1955d0f77203f5fd0 100644
--- a/include/libvirt/libvirt-host.h
+++ b/include/libvirt/libvirt-host.h
@@ -587,15 +587,6 @@ typedef virNodeMemoryStats *virNodeMemoryStatsPtr;
*/
# define VIR_NODE_SEV_MAX_ES_GUESTS "max-es-guests"
-/**
- * VIR_NODE_SEV_USER_ID:
- *
- * Macro represents the user id string,enable reuse asid feature
- *
- * Since: 9.10.0
- */
-# define VIR_NODE_SEV_USER_ID "user-id"
-
int virNodeGetSEVInfo (virConnectPtr conn,
virTypedParameterPtr *params,
int *nparams,
diff --git a/src/conf/domain_capabilities.c b/src/conf/domain_capabilities.c
index 51adc4897c16cc1018634a627c701262a3e5633b..f6e09dc5848fd339af8644f9db2915e4dcb8b3a6 100644
--- a/src/conf/domain_capabilities.c
+++ b/src/conf/domain_capabilities.c
@@ -654,9 +654,6 @@ virDomainCapsFeatureSEVFormat(virBuffer *buf,
if (sev->cpu0_id != NULL)
virBufferAsprintf(buf, "%s\n", sev->cpu0_id);
- if (sev->user_id != NULL)
- virBufferAsprintf(buf, "%s\n", sev->user_id);
-
virBufferAdjustIndent(buf, -2);
virBufferAddLit(buf, "\n");
}
diff --git a/src/conf/domain_capabilities.h b/src/conf/domain_capabilities.h
index 20cff8571de530ba02457562f7e8c6723cc6f375..01bcfa2e395d470b15ab39c9023f099458219a96 100644
--- a/src/conf/domain_capabilities.h
+++ b/src/conf/domain_capabilities.h
@@ -213,7 +213,6 @@ struct _virSEVCapability {
unsigned int reduced_phys_bits;
unsigned int max_guests;
unsigned int max_es_guests;
- char *user_id;
};
typedef struct _virSGXSection virSGXSection;
diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
index dd0cb9d548b682ac6fa68c147ac4a1debf49fed6..d18e19bb7562b7e8f73af4d1aefc89df7b55e8a7 100644
--- a/src/conf/domain_conf.c
+++ b/src/conf/domain_conf.c
@@ -3821,6 +3821,9 @@ virDomainSecDefFree(virDomainSecDef *def)
case VIR_DOMAIN_LAUNCH_SECURITY_SEV:
g_free(def->data.sev.dh_cert);
g_free(def->data.sev.session);
+ g_free(def->data.sev.user_id);
+ g_free(def->data.sev.secret_header);
+ g_free(def->data.sev.secret);
break;
case VIR_DOMAIN_LAUNCH_SECURITY_PV:
case VIR_DOMAIN_LAUNCH_SECURITY_NONE:
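Review bot: The new `secret` string is treated as ordinary configuration text in three places: it is released with a plain `g_free` in this hunk, printed unconditionally in the virDomainSecDefFormat hunk, and written to a file under priv->libDir in qemuProcessPrepareSEVGuestInput. If the value can ever be something other than a blob already wrapped for the platform firmware, wipe it before release, e.g. `virSecureEraseString(def->data.sev.secret);` ahead of the `g_free` (this needs virsecureerase.h, and whether domain_conf.c already includes it is not visible here). The formatter would also need a way to omit the element for non-secure dumps, since virDomainSecDefFormat as shown takes no flags argument. The mode and lifetime of the file depend on qemuProcessSEVCreateFile, which is outside this diff and should be confirmed. The switch in virDomainSecDefFree continues outside the hunk.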
@@ -13487,6 +13490,8 @@ virDomainSEVDefParseXML(virDomainSEVDef *def,
def->dh_cert = virXPathString("string(./dhCert)", ctxt);
def->session = virXPathString("string(./session)", ctxt);
def->user_id = virXPathString("string(./userid)", ctxt);
+ def->secret_header = virXPathString("string(./secretHeader)", ctxt);
+ def->secret = virXPathString("string(./secret)", ctxt);
return 0;
}
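Review bot: `secret_header` and `secret` are read independently from `./secretHeader` and `./secret`, with no check that they are supplied together or that they are well formed. A domain with only one of them, or with text that is not valid for the `.base64` files later handed to QEMU, is therefore accepted at define time and fails only at start-up, if at all. If the two values are meaningful only as a pair, reject the mismatch here or in SEV validation, e.g. `if (!def->secret_header != !def->secret)` followed by a `virReportError(VIR_ERR_XML_ERROR, ...)` and `return -1;`. The start of virDomainSEVDefParseXML is outside the hunk, so an existing check earlier in the function cannot be ruled out.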
@@ -26531,6 +26536,10 @@ virDomainSecDefFormat(virBuffer *buf, virDomainSecDef *sec)
if (sev->user_id)
virBufferEscapeString(&childBuf, "%s\n", sev->user_id);
+ if (sev->secret_header)
+ virBufferEscapeString(&childBuf, "%s\n", sev->secret_header);
+ if (sev->secret)
+ virBufferEscapeString(&childBuf, "%s\n", sev->secret);
break;
}
diff --git a/src/conf/domain_conf.h b/src/conf/domain_conf.h
index 6681eb37b4f1d2ce7230c6980550e78b0fb08467..63f88bdfdbf518e5468e87e21cc1933573682984 100644
--- a/src/conf/domain_conf.h
+++ b/src/conf/domain_conf.h
@@ -2861,6 +2861,8 @@ struct _virDomainSEVDef {
unsigned int reduced_phys_bits;
virTristateBool kernel_hashes;
char *user_id;
+ char *secret_header;
+ char *secret;
};
struct _virDomainSecDef {
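Review bot: The two new members have no comment describing what they hold, how they are encoded, or who owns them. The rest of the diff shows that they are parsed from `<secretHeader>` / `<secret>`, freed in virDomainSecDefFree and written to `*.base64` files in the domain's libDir. A short comment would spare the next reader that search, e.g. `char *secret; /* text of <secret>, written to libDir/secret.base64 at start; owned by this struct */`, with a matching one for `secret_header`.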
diff --git a/src/qemu/qemu_capabilities.c b/src/qemu/qemu_capabilities.c
index 95529970049696c2436b59f58aa65cb35282a308..ae4432804224fba0e4c52b851b3bb9039bb77c22 100644
--- a/src/qemu/qemu_capabilities.c
+++ b/src/qemu/qemu_capabilities.c
@@ -4857,7 +4857,6 @@ virQEMUCapsFormatSEVInfo(virQEMUCaps *qemuCaps, virBuffer *buf)
virBufferAsprintf(buf, "%u\n", sev->cbitpos);
virBufferAsprintf(buf, "%u\n",
sev->reduced_phys_bits);
- virBufferEscapeString(buf, "%s\n", sev->user_id);
virBufferEscapeString(buf, "%s\n", sev->pdh);
virBufferEscapeString(buf, "%s\n",
sev->cert_chain);
diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c
index 579774a8c0649c30f734a11b52703de20e92b62a..e34b7a09d2cc1d4c4d7ebdc89c590d060a84ea89 100644
--- a/src/qemu/qemu_command.c
+++ b/src/qemu/qemu_command.c
@@ -9671,10 +9671,14 @@ qemuBuildSEVCommandLine(virDomainObj *vm, virCommand *cmd,
qemuDomainObjPrivate *priv = vm->privateData;
g_autofree char *dhpath = NULL;
g_autofree char *sessionpath = NULL;
+ g_autofree char *secretheaderpath = NULL;
+ g_autofree char *secretpath = NULL;
- VIR_DEBUG("policy=0x%x cbitpos=%d reduced_phys_bits=%d user_id=%s",
- sev->policy, sev->cbitpos, sev->reduced_phys_bits,
- sev->user_id ? : "(nil)");
+ VIR_DEBUG("policy=0x%x cbitpos=%d reduced_phys_bits=%d",
+ sev->policy, sev->cbitpos, sev->reduced_phys_bits);
+
+ if (sev->user_id)
+ VIR_DEBUG("user_id=%s", sev->user_id);
if (sev->dh_cert)
dhpath = g_strdup_printf("%s/dh_cert.base64", priv->libDir);
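Review bot: The rewritten `VIR_DEBUG` still prints `reduced_phys_bits` with `%d`, although `_virDomainSEVDef` declares it `unsigned int`; `cbitpos` is probably unsigned too, but its declaration is not visible here. Splitting `user_id` into a second, conditional debug line also makes the two lines harder to correlate in a busy log. A single call keeps them together and avoids the GNU `?:` extension used by the removed code: `VIR_DEBUG("policy=0x%x cbitpos=%u reduced_phys_bits=%u user_id=%s", sev->policy, sev->cbitpos, sev->reduced_phys_bits, NULLSTR(sev->user_id));`. qemuBuildSEVCommandLine starts and ends outside this hunk.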
@@ -9682,6 +9686,12 @@ qemuBuildSEVCommandLine(virDomainObj *vm, virCommand *cmd,
if (sev->session)
sessionpath = g_strdup_printf("%s/session.base64", priv->libDir);
+ if (sev->secret_header)
+ secretheaderpath = g_strdup_printf("%s/secret_header.base64", priv->libDir);
+
+ if (sev->secret)
+ secretpath = g_strdup_printf("%s/secret.base64", priv->libDir);
+
if (qemuMonitorCreateObjectProps(&props, "sev-guest", "lsec0",
"u:cbitpos", sev->cbitpos,
"u:reduced-phys-bits", sev->reduced_phys_bits,
@@ -9690,6 +9700,8 @@ qemuBuildSEVCommandLine(virDomainObj *vm, virCommand *cmd,
"S:dh-cert-file", dhpath,
"S:session-file", sessionpath,
"T:kernel-hashes", sev->kernel_hashes,
+ "S:secret-header-file", secretheaderpath,
+ "S:secret-file", secretpath,
NULL) < 0)
return -1;
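Review bot: Nothing visible in this diff checks that the QEMU binary accepts `secret-header-file` and `secret-file` on the `sev-guest` object before they are passed. The `S:` entries are presumably dropped when the path is NULL, so this matters only when the XML sets the elements. In that case a QEMU without these properties would fail at object creation, with an error that does not point back to the domain configuration. Consider probing for the properties and rejecting the elements during domain validation with a clear message, or add a comment here saying which QEMU builds are expected to support them. The capability flag for this would be new; none is shown in the diff.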
diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
index 66c8e1dae33b814d28743011d16a1e25c00d4dcf..d00d2a27c69d6a244e33b9bc4f1f24317a6658c8 100644
--- a/src/qemu/qemu_driver.c
+++ b/src/qemu/qemu_driver.c
@@ -18968,10 +18968,6 @@ qemuGetSEVInfoToParams(virQEMUCaps *qemuCaps,
sev->max_es_guests) < 0)
goto cleanup;
- if (virTypedParamsAddString(&sevParams, &n, &maxpar,
- VIR_NODE_SEV_USER_ID, sev->user_id) < 0)
- goto cleanup;
-
*params = g_steal_pointer(&sevParams);
*nparams = n;
return 0;
diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c
index fc05b4b24fb8115cfb293df814cb06f132edc918..cf7ae8bbfab11e4456b2101e0eeb8b477b2d23e3 100644
--- a/src/qemu/qemu_process.c
+++ b/src/qemu/qemu_process.c
@@ -6729,6 +6729,16 @@ qemuProcessPrepareSEVGuestInput(virDomainObj *vm)
return -1;
}
+ if (sev->secret_header) {
+ if (qemuProcessSEVCreateFile(vm, "secret_header", sev->secret_header) < 0)
+ return -1;
+ }
+
+ if (sev->secret) {
+ if (qemuProcessSEVCreateFile(vm, "secret", sev->secret) < 0)
+ return -1;
+ }
+
return 0;
}