"Untrusted guest systems should not be allowed to use the 3D acceleration features of Oracle VM VirtualBox, just as untrusted host software should not be allowed to use 3D acceleration. Drivers for 3D hardware are generally too complex to be made properly secure and any software which is allowed to access them may be able to compromise the operating system running them. In addition, enabling 3D acceleration gives the guest direct access to a large body of additional program code in the Oracle VM VirtualBox host process which it might conceivably be able to use to crash the virtual machine."
You could say the same about non-IOMMU CPU virtualization. The problem here is AMD and Nvidia's disgusting greed that has held back security by at least a decade. GPU virtualization (vGPU/MxGPU) is supported but only if you pay ridiculous enterprise licensing. This should be a first-class feature like VT-d and would enable a usable Qubes desktop and Microsoft's VBS.
Wow, I was unaware such hardware virtualization extensions currently existed in such mature form for GPUs. Really unfortunate that they've been lost to the avarice of two tech giants which have a duopoly over the GPU market.
They're not that mature software-wise due to the fact that hardly anyone uses them. Microsoft may save us here because Virtualization Based Security has to be enabled to sell an OEM PC with a Win11 sticker. Doing GPU virtualization in software has a big performance hit if not hardware assisted (like CPU virt). Hopefully this will twist enough arms at AMD/Nvidia that they will be forced to open up virt features on consumer cards. I asked an Intel graphics rep if virt would be supported on Intel's new discrete parts (Arc series) and they said wait until launch to see, which is at least better than last year, when they told me they had no plans.