I didn't say "from the platform", I very specifically said they're encrypted so the hypervisor or other VMs cannot see them. Believe it or not, that's how Intel TDX, AMD SEV and other systems do work, and these are real world implementations you can buy right now.
Indeed, it's defense in depth. The hypervisor shouldn't be compromised, and other VMs shouldn't be able to read your VM's data, but if they are or can for some reason, it's encrypted.
I call BS. There is no way to hide code from the platform it runs on.