OpenHCL: Understanding Microsoft’s open source paravisor
Virtualization is also the technology at the root of Microsoft’s confidential computing services, providing a way to work with encrypted data securely, ensuring security in storage, in motion, and in operation. Nesting encrypted virtual environments on top of traditional hypervisors works well enough, though it limits the operating system capabilities available inside a trusted execution environment.
Extending the hypervisor
This is where an alternative approach to virtualization comes in, what Microsoft is calling a “paravisor.” It builds on the concept of paravirtualization, which provides additional links between the host and virtualized environments. This approach requires the guest OS to be virtualization-aware, with a defined set of APIs and drivers that can use those APIs when necessary. It lets the guest OS handle isolated compute, and the host OS share I/O and other common services between host and virtualized processes.
When you’re using the virtualization-based security features in Windows, you’re using a VM that supports paravirtualization. This ensures that secured operations have the same priority and hardware access as their unsecured counterparts, avoiding performance bottlenecks and giving users the same experience whether they’re inside or outside a secured process’s trust boundaries.