diff --git a/.github/workflows/coverage.yml b/.github/workflows/coverage.yml
new file mode 100644
index 0000000000000..b01c01826db24
--- /dev/null
+++ b/.github/workflows/coverage.yml
@@ -0,0 +1,56 @@
+name: Code coverage
+on:
+  pull_request:
+  push:
+    branches:
+      - TDE_REL_17_STABLE
+
+jobs:
+  collect:
+    name: Collect and upload
+    runs-on: ubuntu-22.04
+    steps:
+      - name: Clone repository
+        uses: actions/checkout@v4
+        with:
+          submodules: recursive
+
+      - name: Install dependencies
+        run: ci_scripts/ubuntu-deps.sh
+
+      - name: Build postgres
+        run: ci_scripts/make-build.sh debug --enable-coverage
+
+      - name: Setup kmip and vault
+        run: ci_scripts/setup-keyring-servers.sh
+
+      - name: Test postgres with TDE to generate coverage
+        run: ci_scripts/make-test.sh --tde-only
+
+      - name: Collect coverage data
+        run: find . -type f -name "*.c" ! -path '*libkmip*' | xargs -t gcov -abcfu
+        working-directory: contrib/pg_tde
+
+      - name: Upload coverage data to codecov.io
+        uses: codecov/codecov-action@v5
+        with:
+          verbose: true
+          token: ${{ secrets.CODECOV_TOKEN }}
+          working-directory: contrib/pg_tde
+          files: "*.c.gcov"
+
+      - name: Report on test fail
+        uses: actions/upload-artifact@v4
+        if: ${{ failure() }}
+        with:
+          name: coverage-testlog-tde
+          path: |
+            build/testrun/
+            contrib/pg_tde/t/
+            contrib/pg_tde/results
+            contrib/pg_tde/regression.diffs
+            contrib/pg_tde/regression.out
+            contrib/pg_tde/*.gcov
+          retention-days: 3
+
+
diff --git a/.github/workflows/psp-reusable.yml b/.github/workflows/psp-reusable.yml
index a851a1d0176ef..4af5cb3b32036 100644
--- a/.github/workflows/psp-reusable.yml
+++ b/.github/workflows/psp-reusable.yml
@@ -14,7 +14,6 @@ on:
 
 env:
   artifact_name: build-${{ inputs.os }}-${{ inputs.build_script }}-${{ inputs.build_type }}
-  coverage_artifact_name: coverage-build-${{ inputs.os }}-${{ inputs.build_script }}-${{ inputs.build_type }}
 
 jobs:
   build:
@@ -46,36 +45,6 @@ jobs:
             artifacts.tar
           retention-days: 1
 
-  build-coverage:
-    name: Build PSP for Coverage
-    runs-on: ${{ inputs.os }}
-    if: inputs.build_script == 'make' && inputs.build_type == 'debug'
-    steps:
-      - name: Clone repository
-        uses: actions/checkout@v4
-        with:
-          path: 'src'
-          submodules: recursive
-          ref: ${{ github.ref }}
-
-      - name: Install dependencies
-        run: src/ci_scripts/ubuntu-deps.sh
-
-      - name: Build postgres
-        run: src/ci_scripts/${{ inputs.build_script }}-build.sh ${{ inputs.build_type }} --enable-coverage
-
-      - name: Archive pginst to artifact tar file
-        run: tar -czf coverage-artifacts.tar src pginst
-
-      - name: Upload build coverage-artifacts
-        uses: actions/upload-artifact@v4
-        with:
-          name: ${{ env.coverage_artifact_name }}
-          overwrite: true
-          path: |
-            coverage-artifacts.tar
-          retention-days: 1
-
   test:
     name: Test PSP
     runs-on: ${{ inputs.os }}
@@ -135,8 +104,8 @@ jobs:
       - name: Setup kmip and vault
         run: src/ci_scripts/setup-keyring-servers.sh
 
-      - name: Test postgres with TDE
-        run: src/ci_scripts/${{ inputs.build_script }}-test-tde.sh --continue
+      - name: Test postgres with TDE as default access method
+        run: src/ci_scripts/${{ inputs.build_script }}-test-global-tde.sh --continue
 
       - name: Report on test fail
         uses: actions/upload-artifact@v4
@@ -150,54 +119,3 @@ jobs:
             src/contrib/*/regression.diffs
             src/contrib/*/regression.out
           retention-days: 3
-
-  test_tde_coverage:
-    name: Generate Codecov Code Coverage
-    runs-on: ${{ inputs.os }}
-    if: inputs.build_script == 'make' && inputs.build_type == 'debug'
-    needs: build
-
-    steps:
-      - name: Download build coverage-artifacts
-        uses: actions/download-artifact@v4
-        with:
-          name: ${{ env.coverage_artifact_name }}
-          path: .
-
-      - name: Extract artifact file
-        run: tar -xzf coverage-artifacts.tar
-
-      - name: Install dependencies
-        run: src/ci_scripts/ubuntu-deps.sh
-
-      - name: Setup kmip and vault
-        run: src/ci_scripts/setup-keyring-servers.sh
-
-      - name: Test postgres with TDE to generate coverage
-        run: src/ci_scripts/${{ inputs.build_script }}-test-tde.sh --continue --tde-only
-
-      - name: Run code coverage
-        run: find src/ -type f -name "*.c" ! -path '*libkmip*' | xargs -t gcov -abcfu
-        working-directory: src/contrib/pg_tde
-
-      - name: Upload coverage data to codecov.io
-        uses: codecov/codecov-action@v5
-        with:
-          verbose: true
-          token: ${{ secrets.CODECOV_TOKEN }}
-          working-directory: src/contrib/pg_tde
-          files: "*.c.gcov"
-
-      - name: Report on test fail
-        uses: actions/upload-artifact@v4
-        if: ${{ failure() }}
-        with:
-          name: coverage-testlog-tde-${{ inputs.os }}-${{  inputs.build_script }}-${{ inputs.build_type }}
-          path: |
-            src/build/testrun/
-            src/contrib/pg_tde/t/
-            src/contrib/pg_tde/results
-            src/contrib/pg_tde/regression.diffs
-            src/contrib/pg_tde/regression.out
-            src/contrib/pg_tde/*.gcov
-          retention-days: 3
diff --git a/README.md b/README.md
index 139bf5cfd8008..4501f53904c77 100644
--- a/README.md
+++ b/README.md
@@ -1,4 +1,4 @@
-[![codecov](https://codecov.io/github/percona/postgres/graph/badge.svg?token=Wow78BMYdP)](https://codecov.io/github/percona/postgres)
+### Code coverage for [pg_tde](https://github.com/percona/postgres/tree/TDE_REL_17_STABLE/contrib/pg_tde): [![codecov](https://codecov.io/github/percona/postgres/graph/badge.svg?token=Wow78BMYdP)](https://codecov.io/github/percona/postgres)
 
 Percona Server for PostgreSQL
 =============================
diff --git a/ci_scripts/configure-tde-server.sh b/ci_scripts/configure-global-tde.sh
similarity index 100%
rename from ci_scripts/configure-tde-server.sh
rename to ci_scripts/configure-global-tde.sh
diff --git a/ci_scripts/make-test-global-tde.sh b/ci_scripts/make-test-global-tde.sh
new file mode 100755
index 0000000000000..4c8e72c0fa617
--- /dev/null
+++ b/ci_scripts/make-test-global-tde.sh
@@ -0,0 +1,19 @@
+#!/bin/bash
+
+set -e
+ADD_FLAGS=
+
+for arg in "$@"
+do
+    case "$arg" in
+        --continue)
+            ADD_FLAGS="-k"
+            shift;;
+    esac
+done
+
+SCRIPT_DIR="$(cd -- "$(dirname "$0")" >/dev/null 2>&1; pwd -P)"
+source $SCRIPT_DIR/env.sh
+source $SCRIPT_DIR/configure-global-tde.sh
+
+EXTRA_REGRESS_OPTS="--extra-setup=$SCRIPT_DIR/tde_setup.sql" make -s installcheck-world $ADD_FLAGS
diff --git a/ci_scripts/make-test-tde.sh b/ci_scripts/make-test-tde.sh
deleted file mode 100755
index 17568c0b4756d..0000000000000
--- a/ci_scripts/make-test-tde.sh
+++ /dev/null
@@ -1,30 +0,0 @@
-#!/bin/bash
-
-set -e
-ADD_FLAGS=
-TDE_ONLY=0
-
-for arg in "$@"
-do
-    case "$arg" in
-        --continue)
-            ADD_FLAGS="-k"
-            shift;;
-        --tde-only)
-            TDE_ONLY=1
-            shift;;
-    esac
-done
-
-SCRIPT_DIR="$(cd -- "$(dirname "$0")" >/dev/null 2>&1; pwd -P)"
-source $SCRIPT_DIR/env.sh
-source $SCRIPT_DIR/configure-tde-server.sh
-
-if [ "$TDE_ONLY" -eq 1 ];
-then
-    cd "$SCRIPT_DIR/../contrib/pg_tde"
-    EXTRA_REGRESS_OPTS="--extra-setup=$SCRIPT_DIR/tde_setup.sql" make -s installcheck $ADD_FLAGS
-else
-    cd "$SCRIPT_DIR/.."
-    EXTRA_REGRESS_OPTS="--extra-setup=$SCRIPT_DIR/tde_setup.sql" make -s installcheck-world $ADD_FLAGS
-fi
diff --git a/ci_scripts/make-test.sh b/ci_scripts/make-test.sh
index 52c0aa58670bb..ea6377496f3b5 100755
--- a/ci_scripts/make-test.sh
+++ b/ci_scripts/make-test.sh
@@ -1,9 +1,26 @@
 #!/bin/bash
 
+set -e
+TDE_ONLY=0
+
+for arg in "$@"
+do
+    case "$arg" in
+        --tde-only)
+            TDE_ONLY=1
+            shift;;
+    esac
+done
+
 SCRIPT_DIR="$(cd -- "$(dirname "$0")" >/dev/null 2>&1 ; pwd -P)"
 INSTALL_DIR="$SCRIPT_DIR/../../pginst"
 source $SCRIPT_DIR/env.sh
 
-cd "$SCRIPT_DIR/.."
-
-make -s check-world
+if [ "$TDE_ONLY" -eq 1 ];
+then
+    cd "$SCRIPT_DIR/../contrib/pg_tde"
+    make -s check
+else
+    cd "$SCRIPT_DIR/.."
+    make -s check-world
+fi
diff --git a/contrib/pg_tde/Makefile b/contrib/pg_tde/Makefile
index e31267a6365bf..f71d289593974 100644
--- a/contrib/pg_tde/Makefile
+++ b/contrib/pg_tde/Makefile
@@ -53,6 +53,7 @@ src/libkmip/libkmip/src/kmip_memset.o
 
 SCRIPTS_built = src/pg_tde_change_key_provider
 
+EXTRA_INSTALL+=contrib/pg_buffercache contrib/test_decoding
 EXTRA_CLEAN += src/pg_tde_change_key_provider.o
 
 ifdef USE_PGXS
diff --git a/contrib/pg_tde/README.md b/contrib/pg_tde/README.md
index 437388716c5bb..ec367e2cdcab3 100644
--- a/contrib/pg_tde/README.md
+++ b/contrib/pg_tde/README.md
@@ -1,4 +1,5 @@
 [![OpenSSF Scorecard](https://api.scorecard.dev/projects/github.com/percona/pg_tde/badge)](https://scorecard.dev/viewer/?uri=github.com/percona/pg_tde)
+[![codecov](https://codecov.io/github/percona/postgres/graph/badge.svg?token=Wow78BMYdP)](https://codecov.io/github/percona/postgres)
 [![Forum](https://img.shields.io/badge/Forum-join-brightgreen)](https://forums.percona.com/)
 
 # pg_tde: Transparent Database Encryption for PostgreSQL