1. 11
  1. 5

    Who do I have to pay to write a lightweight hypervisor that runs on commodity hardware and provides an environment where we can run this sort of code?

    You might take a look at Hafnium. It’s basically this, for Android. I’m not sure how Arm-specific the implementation is.

    That said, this is probably less important on newer AMD hardware. With SEV-SNP, you can create an isolated VM from KVM with the guarantee that the host OS can’t see any of its pages, which gives you a slightly stronger security guarantee. If Intel ever remembers how to ship a product, Intel TDX will give the same guarantees.
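An added example, not from any commenter in this thread: a C check a guest can run to read the AMD SEV feature bits from CPUID leaf 0x8000001F and report whether it is under SEV, SEV-ES or the SEV-SNP mode discussed above. The function and macro names are my own; bit positions are from AMD's published CPUID documentation.

```c
// Added example (not from the thread): decode the encrypted-virtualization feature
// bits that AMD CPUID leaf 0x8000001F reports in EAX, so a guest can see whether it
// runs under SEV, SEV-ES or SEV-SNP. Bit positions follow AMD APM Vol. 3, Fn8000_001F.
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define CPUID_SEV_LEAF  0x8000001FU
#define SEV_BIT_SME     (1u << 0)  /* Secure Memory Encryption (host-side) */
#define SEV_BIT_SEV     (1u << 1)  /* Secure Encrypted Virtualization */
#define SEV_BIT_SEV_ES  (1u << 3)  /* SEV Encrypted State (register protection) */
#define SEV_BIT_SEV_SNP (1u << 4)  /* SEV Secure Nested Paging (integrity + RMP) */
typedef struct { int sme, sev, sev_es, sev_snp; } sev_features;

/* Decode the EAX value of leaf 0x8000001F into individual feature flags. */
sev_features decode_sev_eax(uint32_t eax) {
    sev_features f;
    f.sme     = (eax & SEV_BIT_SME)     != 0;
    f.sev     = (eax & SEV_BIT_SEV)     != 0;
    f.sev_es  = (eax & SEV_BIT_SEV_ES)  != 0;
    f.sev_snp = (eax & SEV_BIT_SEV_SNP) != 0;
    return f;
}

/* Strongest guest protection reported: SEV-SNP > SEV-ES > SEV > none. */
const char *strongest_sev_mode(sev_features f) {
    if (f.sev_snp) return "SEV-SNP";
    if (f.sev_es)  return "SEV-ES";
    if (f.sev)     return "SEV";
    return "none";
}

#if defined(__x86_64__) || defined(__i386__)
#include <cpuid.h>
/* Query the running CPU; returns 0 when the extended leaf does not exist. */
uint32_t read_sev_leaf_eax(void) {
    unsigned int a = 0, b = 0, c = 0, d = 0;
    if (__get_cpuid_max(0x80000000U, NULL) < CPUID_SEV_LEAF) return 0;
    __cpuid_count(CPUID_SEV_LEAF, 0, a, b, c, d);
    return a;
}
#else
uint32_t read_sev_leaf_eax(void) { return 0; }  /* not x86: nothing to report */
#endif

int main(void) {
    sev_features f = decode_sev_eax(read_sev_leaf_eax());
    printf("SME=%d SEV=%d SEV-ES=%d SEV-SNP=%d -> %s\n",
           f.sme, f.sev, f.sev_es, f.sev_snp, strongest_sev_mode(f));
    return 0;
}
```

CPUID output is whatever the hypervisor lets the guest see, so treat this as a sanity check rather than proof; the actual guarantee comes from requesting a signed SNP attestation report through the Linux sev-guest driver and verifying it against AMD's certificate chain.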

    1. 1

      I fear this will hamper adoption of the spec, which, as someone with Apple devices who wants TouchID for MFA at least, will make me sad.