Virtualization can be the expertise on the root of Microsoft’s confidential computing companies, providing a approach to work with encrypted information securely, guaranteeing safety in storage, in movement, and in operation. Nesting encrypted digital environments on prime of conventional hypervisors works nicely sufficient, although it limits the working system features accessible inside a trusted execution setting.
Extending the hypervisor
That is the place an alternate method to virtualization is available in, what Microsoft is looking a “paravisor.” It builds on the idea of paravirtualization, which supplies extra hyperlinks between the host and virtualized environments. This method requires the shopper OS to be virtualization-aware, with an outlined set of APIs and drivers that may use these APIs when essential. It lets the shopper OS deal with remoted compute, and the host OS share I/O and different widespread companies between host and virtualized processes.
When you’re utilizing the virtualization-based safety features in Home windows, you’re utilizing a VM that helps paravirtualization. This ensures that secured operations have the identical precedence and {hardware} entry as their unsecured counterparts, avoiding efficiency bottlenecks and giving customers the identical expertise whether or not they’re inside or exterior a secured course of’s belief boundaries.