Comment by transpute
1 year ago
> Does graphene actually set up nested virt?
Nested virt with pKVM is the way forward to balance the competing goals of security, usability, freedom, individuals, and corporate supply chains. pKVM is still in development for GrapheneOS. It's present and running, but VM features are not yet actively used.
AVF (pKVM for Pixels or Gunyah for Qualcomm) is enabled and usable by developers on stock Android 11+, https://android.googlesource.com/platform/packages/modules/V...
> From my research nested virt on android never got any community traction
It will take time before mobile nested virt is easily accessible to end-users, but pKVM was upstreamed to mainline Linux and AVF was shipped on Android two years ago, so nested virt is here for the long haul and can incrementally reduce dependence on TrustZone.
Nested virt has been available on x86 for a decade (KVM, Bromium vSentry / HP SureClick, Microsoft Defender App Guard), on Apple Silicon since M2, macOS since M3 and iPadOS since M4 (Secure eXclave VM). On mobile, it can sidestep some business model conflicts which torpedoed Nokia, RIM, Maemo, Meego, Tizen, etc.
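A practical follow-up to the comment above, added here as an example and not part of the commenter's post or of the AVF project: before trying to use AVF on a device, check what the bootloader actually advertises. The property names `ro.boot.hypervisor.vm.supported` and `ro.boot.hypervisor.protected_vm.supported` and their `1` values are taken from the AVF module's developer documentation and are an assumption about your build; the `[name]: [value]` line format is the standard output of `getprop`. The sample dumps are constructed inline so the script runs offline.

```shell
#!/bin/sh
# Added example (not from the HN comment or the AVF project).
# Classify a device from a saved `adb shell getprop` dump:
#   protected        - pKVM/Gunyah-style protected VMs advertised
#   unprotected-only - hypervisor present, but no protected VM support
#   none             - no AVF hypervisor advertised at all
# Property names are an assumption based on the AVF README; verify on hardware.

# prop_value <dump-file> <property-name>
# Extract one value from lines shaped like: [ro.boot.x]: [value]
prop_value() {
  # Escape dots in the property name so sed treats them literally.
  name=$(printf '%s' "$2" | sed 's/\./\\./g')
  sed -n "s/^\\[${name}\\]: \\[\\(.*\\)\\]\$/\\1/p" "$1"
}

# avf_status <dump-file>
# Decide which class of VM the device exposes, most capable first.
avf_status() {
  vm=$(prop_value "$1" ro.boot.hypervisor.vm.supported)
  pvm=$(prop_value "$1" ro.boot.hypervisor.protected_vm.supported)
  if [ "$pvm" = "1" ]; then
    echo protected
  elif [ "$vm" = "1" ]; then
    echo unprotected-only
  else
    echo none
  fi
}

# write_sample <kind> <file>
# Constructed getprop excerpts (not real device output) for the three cases.
write_sample() {
  case "$1" in
    protected)
      printf '%s\n' \
        '[ro.boot.hypervisor.vm.supported]: [1]' \
        '[ro.boot.hypervisor.protected_vm.supported]: [1]' \
        '[ro.product.model]: [Pixel (constructed)]' > "$2" ;;
    unprotected)
      printf '%s\n' \
        '[ro.boot.hypervisor.vm.supported]: [1]' \
        '[ro.boot.hypervisor.protected_vm.supported]: [0]' > "$2" ;;
    *)
      printf '%s\n' \
        '[ro.build.version.release]: [11]' \
        '[ro.product.model]: [legacy (constructed)]' > "$2" ;;
  esac
}

# Usage on a real device:  adb shell getprop > props.txt; avf_status props.txt
# Stand-alone demo over the constructed samples:
demo() {
  d=$(mktemp -d)
  for k in protected unprotected none; do
    write_sample "$k" "$d/$k.txt"
    printf '%-12s -> %s\n' "$k" "$(avf_status "$d/$k.txt")"
  done
  rm -rf "$d"
}
demo
```

The order of the checks matters: a device that advertises protected VMs is reported as `protected` even though it also supports unprotected ones, and the absence of both properties (a pre-AVF build, as in the `none` sample) is treated as no support rather than an error, since that is exactly what an older device looks like.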