> That is not how most end user installations are configured (aka, not as a virtual machine).
Though not the default, Microsoft is moving more and more towards hypervisor-based security, for both kernel stuff and for browser stuff. Right now you need to enable it, but I wouldn't be surprised if Windows 11 relies on it. The leaked installer already relies on having a TPM, after all.
Out of all virtual machine technologies, Hyper-V is probably the one that will give Microsoft the best chances at being near-metal without passing through hardware. Other hypervisors shouldn't pose a problem, but they're not under Microsoft's control.
If you have the time and hardware, you should feel free to test this on actual hardware instead; I doubt the results will differ much, though.
Though not the default, Microsoft is moving more and more towards hypervisor-based security, for both kernel stuff and for browser stuff. Right now you need to enable it, but I wouldn't be surprised if Windows 11 relies on it. The leaked installer already relies on having a TPM, after all.
Out of all virtual machine technologies, Hyper-V is probably the one that will give Microsoft the best chances at being near-metal without passing through hardware. Other hypervisors shouldn't pose a problem, but they're not under Microsoft's control.
If you have the time and hardware, you should feel free to test this on actual hardware instead; I doubt the results will differ much, though.