by ReactiveJelly 928 days ago
It must be relying on a TPM somehow, right? That isn't possible with any normal software VM.

This eschews hardware-based TEE (like TrustZone or TPM) in favor of hardware support for nested virtualization, plus open-source L0 hypervisor code.

In the best-case future, this will offer security properties based on a small OSS attack surface, rather than black-box TEE firmware.