A hypervisor is a software component that enables multiple operating systems (termed “guest operating systems”) to run on a single device. Each guest operating system is executed within a separate virtual machine.
There are two widely recognized types of hypervisors, termed Type 1 and Type 2. A Type 1 hypervisor (also known as a native, bare metal hypervisor) executes directly upon the hardware of the device. With a Type 1 hypervisor, a guest operating system runs on a level above the hypervisor. Since a Type 1 hypervisor executes directly upon the hardware, a Type 1 hypervisor is the most privileged software component within the system.
A Type 2 hypervisor (also known as a hosted hypervisor) executes within a conventional operating system (termed the “host operating system” in this context). A Type 2 hypervisor instantiates guest operating systems using the memory and resources allocated to the hypervisor by the host operating system. As with a Type 1 hypervisor, guest operating systems run at a lower privilege level than the hypervisor. However, unlike a Type 1 hypervisor, a Type 2 hypervisor is not the most privileged component within the system. Instead, in a system employing a Type 2 hypervisor, the host operating system is at the same privilege level as the Type 2 hypervisor, and hence, the host operating system can interfere with the Type 2 hypervisor.
If malicious code infects a host operating system that employs a Type 2 hypervisor, then the malicious code could potentially compromise the Type 2 hypervisor, since processes executing within the host operating system kernel are running at the same privilege level as the Type 2 hypervisor. It is desirable to prevent a Type 2 hypervisor (and by extension guest virtual machines) from being compromised from any malicious code executing within the host operating system.