diff --git a/resources/hiding_ci/build_and_install_kernel.sh b/resources/hiding_ci/build_and_install_kernel.sh
index e9be6b6da6c..41acd53ba36 100755
--- a/resources/hiding_ci/build_and_install_kernel.sh
+++ b/resources/hiding_ci/build_and_install_kernel.sh
@@ -65,31 +65,35 @@ confirm() {
 }
 
 apply_patch_file() {
- git apply $1
-}
-
-apply_series_mbox() {
- git am $1 --empty=drop
-}
+ echo "Applying patch:" $(basename $1)
 
-apply_series_link() {
- patch_url=$(cat $1)
- echo "Fetching mbox from:" $patch_url
- curl --output lore.mbox.gz "$patch_url/t.mbox.gz"
- gunzip lore.mbox
- apply_series_mbox lore.mbox
- rm lore.mbox
+ git apply $1
 }
 
 apply_patch_or_series() {
 case "$1" in
 *.patch) apply_patch_file $1 ;;
- *.mbox) apply_series_mbox $1 ;;
- *.lore) apply_series_link $1 ;;
 *) echo "Skipping non-patch file" $1 ;;
 esac
 }
 
+apply_all_patches() {
+ if [ ! -d "$1" ]; then
+ echo "Not a directory: $1"
+ return
+ fi
+
+ echo "Applying all patches in $1"
+
+ for f in $1/*; do
+ if [ -d $f ]; then
+ apply_all_patches $f
+ else
+ apply_patch_or_series $f
+ fi
+ done
+}
+
 check_new_config() {
 if [[ -e "/boot/config-$KERNEL_VERSION" ]]; then
 return 0;
@@ -171,10 +175,7 @@ git fetch --depth 1 origin $KERNEL_COMMIT_HASH
 git checkout FETCH_HEAD
 
 # Apply our patches on top
-for PATCH in $KERNEL_PATCHES_DIR/*.*; do
- echo "Applying patch:" $(basename $PATCH)
- apply_patch_or_series $PATCH
-done
+apply_all_patches $KERNEL_PATCHES_DIR
 
 echo "Making kernel config ready for build"
 # We use olddefconfig to automatically pull in the
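Review bot: The not-a-directory branch of `apply_all_patches` ends in a bare `return`, which passes on the zero status of the preceding `echo`, so a missing or mistyped `$KERNEL_PATCHES_DIR` is reported as success and the script can go on to build a kernel without the direct-map-removal patches; `return 1` there (with the message sent to stderr) makes the condition visible to the caller. Nothing in the loop checks the result of `apply_patch_or_series $f` or of the recursive call either, and whether the script runs under `set -e` is not visible in this diff, so I would write `apply_patch_or_series "$f" || return 1` and, at the call site in the second hunk, `apply_all_patches "$KERNEL_PATCHES_DIR" || exit 1`. The expansions `$1` and `$f` are unquoted in `for f in $1/*`, `[ -d $f ]` and `git apply $1`, and `f` is not declared `local` in a function that recurses; quoting them and adding `local f` keeps the walk correct for paths with spaces. The apply order now comes from the sorted glob over the numbered subdirectories, which deserves a short comment above the loop, for example `# Globs expand in sorted order, so NN- prefixes define the patch order`.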
diff --git a/resources/hiding_ci/linux_patches/0001-mm-Consolidate-freeing-of-typed-folios-on-final-foli.patch b/resources/hiding_ci/linux_patches/05-mmap-support/0001-mm-Consolidate-freeing-of-typed-folios-on-final-foli.patch
similarity index 100%
rename from resources/hiding_ci/linux_patches/0001-mm-Consolidate-freeing-of-typed-folios-on-final-foli.patch
rename to resources/hiding_ci/linux_patches/05-mmap-support/0001-mm-Consolidate-freeing-of-typed-folios-on-final-foli.patch
diff --git a/resources/hiding_ci/linux_patches/0002-KVM-guest_memfd-Handle-final-folio_put-of-guest_memf.patch b/resources/hiding_ci/linux_patches/05-mmap-support/0002-KVM-guest_memfd-Handle-final-folio_put-of-guest_memf.patch
similarity index 100%
rename from resources/hiding_ci/linux_patches/0002-KVM-guest_memfd-Handle-final-folio_put-of-guest_memf.patch
rename to resources/hiding_ci/linux_patches/05-mmap-support/0002-KVM-guest_memfd-Handle-final-folio_put-of-guest_memf.patch
diff --git a/resources/hiding_ci/linux_patches/0003-KVM-guest_memfd-Allow-host-to-map-guest_memfd-pages.patch b/resources/hiding_ci/linux_patches/05-mmap-support/0003-KVM-guest_memfd-Allow-host-to-map-guest_memfd-pages.patch
similarity index 100%
rename from resources/hiding_ci/linux_patches/0003-KVM-guest_memfd-Allow-host-to-map-guest_memfd-pages.patch
rename to resources/hiding_ci/linux_patches/05-mmap-support/0003-KVM-guest_memfd-Allow-host-to-map-guest_memfd-pages.patch
diff --git a/resources/hiding_ci/linux_patches/0004-KVM-x86-Mark-KVM_X86_SW_PROTECTED_VM-as-supporting-g.patch b/resources/hiding_ci/linux_patches/05-mmap-support/0004-KVM-x86-Mark-KVM_X86_SW_PROTECTED_VM-as-supporting-g.patch
similarity index 100%
rename from resources/hiding_ci/linux_patches/0004-KVM-x86-Mark-KVM_X86_SW_PROTECTED_VM-as-supporting-g.patch
rename to resources/hiding_ci/linux_patches/05-mmap-support/0004-KVM-x86-Mark-KVM_X86_SW_PROTECTED_VM-as-supporting-g.patch
diff --git a/resources/hiding_ci/linux_patches/0005-KVM-arm64-Refactor-user_mem_abort-calculation-of-for.patch b/resources/hiding_ci/linux_patches/05-mmap-support/0005-KVM-arm64-Refactor-user_mem_abort-calculation-of-for.patch
similarity index 100%
rename from resources/hiding_ci/linux_patches/0005-KVM-arm64-Refactor-user_mem_abort-calculation-of-for.patch
rename to resources/hiding_ci/linux_patches/05-mmap-support/0005-KVM-arm64-Refactor-user_mem_abort-calculation-of-for.patch
diff --git a/resources/hiding_ci/linux_patches/0006-KVM-guest_memfd-Handle-in-place-shared-memory-as-gue.patch b/resources/hiding_ci/linux_patches/05-mmap-support/0006-KVM-guest_memfd-Handle-in-place-shared-memory-as-gue.patch
similarity index 100%
rename from resources/hiding_ci/linux_patches/0006-KVM-guest_memfd-Handle-in-place-shared-memory-as-gue.patch
rename to resources/hiding_ci/linux_patches/05-mmap-support/0006-KVM-guest_memfd-Handle-in-place-shared-memory-as-gue.patch
diff --git a/resources/hiding_ci/linux_patches/0007-KVM-arm64-Handle-guest_memfd-backed-guest-page-fault.patch b/resources/hiding_ci/linux_patches/05-mmap-support/0007-KVM-arm64-Handle-guest_memfd-backed-guest-page-fault.patch
similarity index 100%
rename from resources/hiding_ci/linux_patches/0007-KVM-arm64-Handle-guest_memfd-backed-guest-page-fault.patch
rename to resources/hiding_ci/linux_patches/05-mmap-support/0007-KVM-arm64-Handle-guest_memfd-backed-guest-page-fault.patch
diff --git a/resources/hiding_ci/linux_patches/0008-KVM-guest_memfd-selftests-guest_memfd-mmap-test-when.patch b/resources/hiding_ci/linux_patches/05-mmap-support/0008-KVM-guest_memfd-selftests-guest_memfd-mmap-test-when.patch
similarity index 100%
rename from resources/hiding_ci/linux_patches/0008-KVM-guest_memfd-selftests-guest_memfd-mmap-test-when.patch
rename to resources/hiding_ci/linux_patches/05-mmap-support/0008-KVM-guest_memfd-selftests-guest_memfd-mmap-test-when.patch
diff --git a/resources/hiding_ci/linux_patches/0009-KVM-arm64-Enable-mapping-guest_memfd-in-arm64.patch b/resources/hiding_ci/linux_patches/05-mmap-support/0009-KVM-arm64-Enable-mapping-guest_memfd-in-arm64.patch
similarity index 100%
rename from resources/hiding_ci/linux_patches/0009-KVM-arm64-Enable-mapping-guest_memfd-in-arm64.patch
rename to resources/hiding_ci/linux_patches/05-mmap-support/0009-KVM-arm64-Enable-mapping-guest_memfd-in-arm64.patch
diff --git a/resources/hiding_ci/linux_patches/0010-mm-introduce-AS_NO_DIRECT_MAP.patch b/resources/hiding_ci/linux_patches/10-direct-map-removal/0010-mm-introduce-AS_NO_DIRECT_MAP.patch
similarity index 100%
rename from resources/hiding_ci/linux_patches/0010-mm-introduce-AS_NO_DIRECT_MAP.patch
rename to resources/hiding_ci/linux_patches/10-direct-map-removal/0010-mm-introduce-AS_NO_DIRECT_MAP.patch
diff --git a/resources/hiding_ci/linux_patches/0011-KVM-guest_memfd-Add-flag-to-remove-from-direct-map.patch b/resources/hiding_ci/linux_patches/10-direct-map-removal/0011-KVM-guest_memfd-Add-flag-to-remove-from-direct-map.patch
similarity index 100%
rename from resources/hiding_ci/linux_patches/0011-KVM-guest_memfd-Add-flag-to-remove-from-direct-map.patch
rename to resources/hiding_ci/linux_patches/10-direct-map-removal/0011-KVM-guest_memfd-Add-flag-to-remove-from-direct-map.patch
diff --git a/resources/hiding_ci/linux_patches/0012-fixup-for-direct-map-removal-v4.patch b/resources/hiding_ci/linux_patches/10-direct-map-removal/0012-fixup-for-direct-map-removal-v4.patch
similarity index 100%
rename from resources/hiding_ci/linux_patches/0012-fixup-for-direct-map-removal-v4.patch
rename to resources/hiding_ci/linux_patches/10-direct-map-removal/0012-fixup-for-direct-map-removal-v4.patch
diff --git a/resources/hiding_ci/linux_patches/0013-KVM-Add-KVM_MEM_USERFAULT-memslot-flag-and-bitmap.patch b/resources/hiding_ci/linux_patches/15-kvm-mem-userfault/0013-KVM-Add-KVM_MEM_USERFAULT-memslot-flag-and-bitmap.patch
similarity index 100%
rename from resources/hiding_ci/linux_patches/0013-KVM-Add-KVM_MEM_USERFAULT-memslot-flag-and-bitmap.patch
rename to resources/hiding_ci/linux_patches/15-kvm-mem-userfault/0013-KVM-Add-KVM_MEM_USERFAULT-memslot-flag-and-bitmap.patch
diff --git a/resources/hiding_ci/linux_patches/0014-KVM-Add-KVM_MEMORY_EXIT_FLAG_USERFAULT.patch b/resources/hiding_ci/linux_patches/15-kvm-mem-userfault/0014-KVM-Add-KVM_MEMORY_EXIT_FLAG_USERFAULT.patch
similarity index 100%
rename from resources/hiding_ci/linux_patches/0014-KVM-Add-KVM_MEMORY_EXIT_FLAG_USERFAULT.patch
rename to resources/hiding_ci/linux_patches/15-kvm-mem-userfault/0014-KVM-Add-KVM_MEMORY_EXIT_FLAG_USERFAULT.patch
diff --git a/resources/hiding_ci/linux_patches/0015-KVM-Allow-late-setting-of-KVM_MEM_USERFAULT-on-guest.patch b/resources/hiding_ci/linux_patches/15-kvm-mem-userfault/0015-KVM-Allow-late-setting-of-KVM_MEM_USERFAULT-on-guest.patch
similarity index 100%
rename from resources/hiding_ci/linux_patches/0015-KVM-Allow-late-setting-of-KVM_MEM_USERFAULT-on-guest.patch
rename to resources/hiding_ci/linux_patches/15-kvm-mem-userfault/0015-KVM-Allow-late-setting-of-KVM_MEM_USERFAULT-on-guest.patch
diff --git a/resources/hiding_ci/linux_patches/0016-KVM-x86-mmu-Add-support-for-KVM_MEM_USERFAULT.patch b/resources/hiding_ci/linux_patches/15-kvm-mem-userfault/0016-KVM-x86-mmu-Add-support-for-KVM_MEM_USERFAULT.patch
similarity index 100%
rename from resources/hiding_ci/linux_patches/0016-KVM-x86-mmu-Add-support-for-KVM_MEM_USERFAULT.patch
rename to resources/hiding_ci/linux_patches/15-kvm-mem-userfault/0016-KVM-x86-mmu-Add-support-for-KVM_MEM_USERFAULT.patch
diff --git a/resources/hiding_ci/linux_patches/0017-KVM-Advertise-KVM_CAP_USERFAULT-in-KVM_CHECK_EXTENSI.patch b/resources/hiding_ci/linux_patches/15-kvm-mem-userfault/0017-KVM-Advertise-KVM_CAP_USERFAULT-in-KVM_CHECK_EXTENSI.patch
similarity index 100%
rename from resources/hiding_ci/linux_patches/0017-KVM-Advertise-KVM_CAP_USERFAULT-in-KVM_CHECK_EXTENSI.patch
rename to resources/hiding_ci/linux_patches/15-kvm-mem-userfault/0017-KVM-Advertise-KVM_CAP_USERFAULT-in-KVM_CHECK_EXTENSI.patch
diff --git a/resources/hiding_ci/linux_patches/0018-KVM-arm64-Add-support-for-KVM_MEM_USERFAULT.patch b/resources/hiding_ci/linux_patches/15-kvm-mem-userfault/0018-KVM-arm64-Add-support-for-KVM_MEM_USERFAULT.patch
similarity index 100%
rename from resources/hiding_ci/linux_patches/0018-KVM-arm64-Add-support-for-KVM_MEM_USERFAULT.patch
rename to resources/hiding_ci/linux_patches/15-kvm-mem-userfault/0018-KVM-arm64-Add-support-for-KVM_MEM_USERFAULT.patch
diff --git a/resources/hiding_ci/linux_patches/0019-KVM-guest_memfd-add-generic-population-via-write.patch b/resources/hiding_ci/linux_patches/20-gmem-write/0019-KVM-guest_memfd-add-generic-population-via-write.patch
similarity index 100%
rename from resources/hiding_ci/linux_patches/0019-KVM-guest_memfd-add-generic-population-via-write.patch
rename to resources/hiding_ci/linux_patches/20-gmem-write/0019-KVM-guest_memfd-add-generic-population-via-write.patch
diff --git a/resources/hiding_ci/linux_patches/0020-KVM-selftests-update-guest_memfd-write-tests.patch b/resources/hiding_ci/linux_patches/20-gmem-write/0020-KVM-selftests-update-guest_memfd-write-tests.patch
similarity index 100%
rename from resources/hiding_ci/linux_patches/0020-KVM-selftests-update-guest_memfd-write-tests.patch
rename to resources/hiding_ci/linux_patches/20-gmem-write/0020-KVM-selftests-update-guest_memfd-write-tests.patch
diff --git a/resources/hiding_ci/linux_patches/0021-mm-userfaultfd-generic-continue-for-non-hugetlbfs.patch b/resources/hiding_ci/linux_patches/25-gmem-uffd/0021-mm-userfaultfd-generic-continue-for-non-hugetlbfs.patch
similarity index 100%
rename from resources/hiding_ci/linux_patches/0021-mm-userfaultfd-generic-continue-for-non-hugetlbfs.patch
rename to resources/hiding_ci/linux_patches/25-gmem-uffd/0021-mm-userfaultfd-generic-continue-for-non-hugetlbfs.patch
diff --git a/resources/hiding_ci/linux_patches/0022-mm-provide-can_userfault-vma-operation.patch b/resources/hiding_ci/linux_patches/25-gmem-uffd/0022-mm-provide-can_userfault-vma-operation.patch
similarity index 100%
rename from resources/hiding_ci/linux_patches/0022-mm-provide-can_userfault-vma-operation.patch
rename to resources/hiding_ci/linux_patches/25-gmem-uffd/0022-mm-provide-can_userfault-vma-operation.patch
diff --git a/resources/hiding_ci/linux_patches/0023-mm-userfaultfd-use-can_userfault-vma-operation.patch b/resources/hiding_ci/linux_patches/25-gmem-uffd/0023-mm-userfaultfd-use-can_userfault-vma-operation.patch
similarity index 100%
rename from resources/hiding_ci/linux_patches/0023-mm-userfaultfd-use-can_userfault-vma-operation.patch
rename to resources/hiding_ci/linux_patches/25-gmem-uffd/0023-mm-userfaultfd-use-can_userfault-vma-operation.patch
diff --git a/resources/hiding_ci/linux_patches/0024-KVM-guest_memfd-add-support-for-userfaultfd-minor.patch b/resources/hiding_ci/linux_patches/25-gmem-uffd/0024-KVM-guest_memfd-add-support-for-userfaultfd-minor.patch
similarity index 100%
rename from resources/hiding_ci/linux_patches/0024-KVM-guest_memfd-add-support-for-userfaultfd-minor.patch
rename to resources/hiding_ci/linux_patches/25-gmem-uffd/0024-KVM-guest_memfd-add-support-for-userfaultfd-minor.patch
diff --git a/resources/hiding_ci/linux_patches/0025-mm-userfaultfd-add-UFFD_FEATURE_MINOR_GUEST_MEMFD.patch b/resources/hiding_ci/linux_patches/25-gmem-uffd/0025-mm-userfaultfd-add-UFFD_FEATURE_MINOR_GUEST_MEMFD.patch similarity index 100% rename from resources/hiding_ci/linux_patches/0025-mm-userfaultfd-add-UFFD_FEATURE_MINOR_GUEST_MEMFD.patch rename to resources/hiding_ci/linux_patches/25-gmem-uffd/0025-mm-userfaultfd-add-UFFD_FEATURE_MINOR_GUEST_MEMFD.patch diff --git a/resources/hiding_ci/linux_patches/0026-fixup-for-guest_memfd-uffd-v3.patch b/resources/hiding_ci/linux_patches/25-gmem-uffd/0026-fixup-for-guest_memfd-uffd-v3.patch similarity index 100% rename from resources/hiding_ci/linux_patches/0026-fixup-for-guest_memfd-uffd-v3.patch rename to resources/hiding_ci/linux_patches/25-gmem-uffd/0026-fixup-for-guest_memfd-uffd-v3.patch diff --git a/resources/hiding_ci/linux_patches/README.md b/resources/hiding_ci/linux_patches/README.md index 7a119e42452..8889ed95e77 100644 --- a/resources/hiding_ci/linux_patches/README.md +++ b/resources/hiding_ci/linux_patches/README.md @@ -1,8 +1,8 @@ # Linux kernel patches for direct map removal -The Linux kernel patches in this directory are distributed under the `GPL-2.0` -licence (see the full licence text at [GPL-2.0](./GPL-2.0)). The patches are -required by Firecracker's "Secret Freedom" feature that removes the VM memory -from the host direct map (see +The Linux kernel patches in this directory and its subdirectories are +distributed under the `GPL-2.0` licence (see the full licence text at +[GPL-2.0](./GPL-2.0)). The patches are required by Firecracker's "Secret +Freedom" feature that removes the VM memory from the host direct map (see [lore](https://lore.kernel.org/kvm/20250221160728.1584559-1-roypat@amazon.co.uk/) for more details). The patches are not yet merged upstream.