I pretty much understand the reason why Windows Hello largely relies on virtualisation to draw a strong boundary between the OS and whatever's processing the biometrics, but I'd really feel much happier with a protected hardware communication channel
But in the absence of that channel, I think everyone else is still playing catch-up to Microsoft here - we'd gain a lot of value from a slim hypervisor that allowed for certain security functionality to be segregated from the main OS
@robryk If the "token" asserts that it requires physical presence, it should never be possible for the OS to trigger that without the user being physically present. Beyond that, I think the primary concern is ensuring that keys can't be transferred between devices.
@mjg59 Well, U2F with some extension to provide {en,de}cryption too.
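The two properties mjg59 asks of a token above (the physical-presence assertion cannot be bypassed by the host, and a key cannot quietly be moved to another device) are both things a relying party can check on the wire rather than take on trust. The following is an added example, not code from anyone in this thread: it parses WebAuthn/CTAP2 authenticatorData (which is what a U2F-class token returns in an assertion), refuses any response whose user-present (UP) flag is clear, and uses the signature counter to flag a cloned authenticator. The flags byte sits inside the bytes the token signs, so an OS that flipped it would only break the signature. Signature verification itself needs the credential's public key and an ECDSA library and is left out; the sample input, the relying-party ID `example.com` and the helper names are constructed for the example.

```python
import hashlib
import struct
from dataclasses import dataclass

# Flag bits of the WebAuthn authenticatorData flags byte.
FLAG_UP = 0x01  # user present: the token asserts a physical touch happened
FLAG_UV = 0x04  # user verified: PIN or biometric was checked on the token
FLAG_AT = 0x40  # attested credential data follows (registration only)
FLAG_ED = 0x80  # extension data follows


@dataclass
class AuthenticatorData:
    rp_id_hash: bytes
    flags: int
    sign_count: int
    rest: bytes  # attested credential data and/or extensions, if present

    @property
    def user_present(self) -> bool:
        return bool(self.flags & FLAG_UP)

    @property
    def user_verified(self) -> bool:
        return bool(self.flags & FLAG_UV)


def parse_authenticator_data(data: bytes) -> AuthenticatorData:
    """Split the fixed 37-byte header: rpIdHash(32) | flags(1) | signCount(4, big-endian)."""
    if len(data) < 37:
        raise ValueError("authenticatorData too short")
    rp_id_hash = bytes(data[:32])
    flags = data[32]
    (sign_count,) = struct.unpack(">I", data[33:37])
    return AuthenticatorData(rp_id_hash, flags, sign_count, bytes(data[37:]))


def signed_message(auth_data: bytes, client_data_json: bytes) -> bytes:
    """The exact bytes the token signs: authenticatorData || SHA-256(clientDataJSON).

    The flags byte is part of this message, so the host cannot set UP after the
    fact without invalidating the signature the relying party will verify.
    """
    return bytes(auth_data) + hashlib.sha256(client_data_json).digest()


def check_assertion(auth_data: bytes, rp_id: str, last_sign_count: int) -> AuthenticatorData:
    """Relying-party checks that do not depend on trusting the host OS."""
    ad = parse_authenticator_data(auth_data)
    if ad.rp_id_hash != hashlib.sha256(rp_id.encode("utf-8")).digest():
        raise ValueError("rpIdHash does not match this relying party")
    if not ad.user_present:
        raise ValueError("UP flag clear: token did not assert physical presence")
    # A cloned key presents a counter that fails to advance past the stored value
    # (a counter of 0 means the token does not implement one).
    if ad.sign_count != 0 and ad.sign_count <= last_sign_count:
        raise ValueError("signCount did not advance: possible cloned authenticator")
    return ad


def assertion_ok(auth_data: bytes, rp_id: str, last_sign_count: int) -> bool:
    """Convenience wrapper: True if check_assertion accepts the response."""
    try:
        check_assertion(auth_data, rp_id, last_sign_count)
        return True
    except ValueError:
        return False


def build_authenticator_data(rp_id: str, flags: int, sign_count: int) -> bytes:
    """Constructed sample input; a real token emits this inside its getAssertion reply."""
    return (hashlib.sha256(rp_id.encode("utf-8")).digest()
            + bytes([flags])
            + struct.pack(">I", sign_count))


if __name__ == "__main__":
    sample = build_authenticator_data("example.com", FLAG_UP, 5)
    ad = check_assertion(sample, "example.com", last_sign_count=4)
    print("user present:", ad.user_present, "counter:", ad.sign_count)
    print("rejected without UP:", not assertion_ok(build_authenticator_data("example.com", 0, 6), "example.com", 5))
```

In production the relying party verifies the token's signature over `signed_message(...)` with the public key it stored at registration before trusting any of these fields; the checks above are what remain once that signature holds.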