[$] Rethinking the Linux cloud stack for confidential VMs

There is an inherent limit to the privacy of the publiccloud. While Linux can isolate virtual machines (VMs) from each other,nothing in the system's memory is ultimately out of reach for the host cloudprovider. To accommodate the most privacy-conscious clients, confidentialcomputing protects the memory of guests, even fromhypervisors. But the Linux cloud stack needs to be rethought in order to hostconfidential VMs, juggling two goals that are often at odds: performanceand security.