Yes, and you only need this at the root hypervisor level, once peripherals can be abstracted in a new way (maybe DMA at a different privilege level, certain hardware features would be required).

I am not super mad if I have to run my custom kernel in a VM. It substantially reduces the surface area exposed.