Virtualization Based Security - Part 2: kernel communications

This blog post is a second article covering Virtualization Based Security and Device Guard features. In the first part, we covered the system boot process, from the Windows bootloader to the VTL0 startup. In this part, we explain how kernel communications between VTL0 and VTL1 actually work. As they use hypercalls to communicate, we will first describe the Hyper-V hypercalls implementation, then how the kernels use them to communicate. To finish with, we list all the different hypercalls and secure service calls we have identified during this work.
more ...