I pretty much understand the reason why Windows Hello largely relies on virtualisation to draw a strong boundary between the OS and whatever's processing the biometrics, but I'd really feel much happier with a protected hardware communication channel.

But in the absence of that channel, I think everyone else is still playing catch-up to Microsoft here - we'd gain a lot of value from a slim hypervisor that allowed for certain security functionality to be segregated from the main OS.

@mjg59 So the idea would be to not expose some data/ability to command something ever to the OS, right?

Other than the biometrics case, what data/authority would you envision being "taken away" from the OS?

@robryk If the "token" asserts that it requires physical presence, it should never be possible for the OS to trigger that without the user being physically present. Beyond that, I think the primary concern is ensuring that keys can't be transferred between devices.

@mjg59 So, would all those use cases be satisfied by a u2f key built into the device?

@mjg59 Well, u2f with some extension to provide {en,de}cryption too.

Qoto Mastodon