[richard_todd]

> I'd bet on CPU-enforced isolation over software any day of the week, even memory safe languages have bugs, and so do hypervisors.

... and so do CPUs! I do like CPU protections as long as they are dirt-simple, but it really scares me sometimes how complicated CPUs and chipsets are getting with their "advanced" security features. When an exploitable flaw is found, and malware survives OS/firmware reinstalls, it will be a mess.

[lolo_]

Yeah this frightens me too :) and things like rowhammer [0] are surprising in this regard. Nothing can be trusted, but you can have a little more faith in some things.

[0]:https://en.wikipedia.org/wiki/Row_hammer