Once upon a time, Sharpened Blade <sharpenedblade(a)proton.me> said:
With virtual machines, nothing can actually be verified completely;
the host running the VM can 1) modify the firmware to intercept anything the attacker
wants, or 2) directly intercept things at the CPU level.
There are CPU extensions that I understand stop that, so that the
hypervisor and VMs do not have to trust each other. That's part of the
reason to secure the boot stack.
--
Chris Adams <linux(a)cmadams.net>