Comment by saurik

If I have my hardware under lock and key in my house, this lets me only trust the CPU vendor and not the software stack running on my computer when I try to verify that it is running exactly the workload that I intended. With a third party, if I trust you to not tamper with your hardware, this let's both of us remove the people who wrote the hypervisor from our trust base.