@david_chisnall >They assume trusted devices and untrusted VMs.
Are you using VM as a catch-all for "anything running a kernel"? Or actual VM as in "kernel running under control of a hypervisor, either bare metal or another kernel"?
Anyways this sounds backwards :P. I thought devices not choosing to read/write all over mem was what we were trying to prevent. Why would we trust the devices to _not_ do that :D?