Virtualization can be the expertise on the root of Microsoft’s confidential computing providers, providing a option to work with encrypted information securely, making certain safety in storage, in movement, and in operation. Nesting encrypted digital environments on high of conventional hypervisors works properly sufficient, although it limits the working system capabilities accessible inside a trusted execution surroundings.
Extending the hypervisor
That is the place an alternate strategy to virtualization is available in, what Microsoft is asking a “paravisor.” It builds on the idea of paravirtualization, which supplies extra hyperlinks between the host and virtualized environments. This strategy requires the consumer OS to be virtualization-aware, with an outlined set of APIs and drivers that may use these APIs when vital. It lets the consumer OS deal with remoted compute, and the host OS share I/O and different frequent providers between host and virtualized processes.
When you’re utilizing the virtualization-based safety features in Home windows, you’re utilizing a VM that helps paravirtualization. This ensures that secured operations have the identical precedence and {hardware} entry as their unsecured counterparts, avoiding efficiency bottlenecks and giving customers the identical expertise whether or not they’re inside or exterior a secured course of’s belief boundaries.
