Qualcomm Posts Linux Driver Patches For New "Gunyah" Hypervisor
It will probably do the opposite - keep a locked boot loader where the manufacturer maintains some control over the lowest privilege level including an NSA backdoor, meanwhile it can be rooted and have another OS installed, but doing so doesn't disable the backdoor. Think Intel ME.
Thanks for turning my half full glass into a half empty glass
I suppose the silver lining is the phone hackers can target the hypervisor to hopefully get full control of the device and use that to get around a lot of the root limitations.
It will probably do the opposite - keep a locked boot loader where the manufacturer maintains some control over the lowest privilege level including an NSA backdoor, meanwhile it can be rooted and have another OS installed, but doing so doesn't disable the backdoor. Think Intel ME.
It's surprising Qualcomm is writing this in C and Python and not Rust. The rust-vmm crates for running virtual machines are the basis of Amazon's Firecracker, Google's crosvm, and a dozen other hypervisor projects.
In the long term it means that the manufacturers will be able to install backdoors and ad/tracking features below the OS (even flashing a new OS image will not replace this), so you could see ads on devices when they are sleeping... that's unlikely on mobile but you can expect it soon on TVs.
I suppose the silver lining is the phone hackers can target the hypervisor to hopefully get full control of the device and use that to get around a lot of the root limitations.
I'm not into hypervisors at all, so could someone explain why everybody is writing their own hypervisors nowadays? Why do we need software controlling what the operating system does, especially in mobile phones and such? Isn't that the kernel's job?
TLDR; this is primarily about battery life in mobile devices.
The specific reason you're seeing this recently on ARM is that TrustZone is slow, which forces mobile devices to stay awake or in a higher performance power state than they would otherwise need to if they could complete their trusted computing tasks with lower latency. So they are using hypervisors on the application cores to speed up Trusted Execution Environment performance. It also means they can drop TEE extensions from their designs, which can save them a buck on licensing.
In the long term it means that the manufacturers will be able to install backdoors and ad/tracking features below the OS (even flashing a new OS image will not replace this), so you could see ads on devices when they are sleeping... that's unlikely on mobile but you can expect it soon on TVs.
Last edited by linuxgeex; 24 February 2022, 08:43 PM.
AT&T already runs KVM and containers in their 5G nodes at the tower. They migrated their network controls and many of the features to them during Covid. So I am not shocked that someone wants the actual mobile devices to do the same.
Addendum: AT&T even spun off their Kubernetes tools back to the community for mobile, so who knows if they will use it to extend specific (KVM or whatever) functionality to their branded phones going forward?
Last edited by edwaleni; 24 February 2022, 03:42 PM.
Reason: Added AT&T Kubernetes efforts
This is probably to allow Qualcomm to run the baseband software that implements the 2G/3G/4G/5G protocols for future Snapdragons on the main application processor rather than a separate baseband processor as is the case on most smartphones.
Baseband software is closed-source, full of trade secrets, timing and security sensitive, and probably full of unintentional and intentional backdoors, which is why a hypervisor approach to compartmentalization is desired, and why they want to use their hypervisor rather than anything that already exists.
Running the baseband software on the application processor under a real-time hypervisor was common in the 2G/3G late feature phone/early smartphone era but became less common with 4G, as running 4G in software on the application processor was quite taxing. Now it looks like application processors are fast enough to run the 4G and 5G baseband without breaking a sweat, so this approach is having a revival.
In theory this should reduce overall power consumption and thus increase battery life, and it will also reduce the component count on phone mainboards which should make the bill of materials a little lower.
I'm not into hypervisors at all, so could someone explain why everybody is writing their own hypervisors nowadays? Why do we need software controlling what the operating system does, especially in mobile phones and such? Isn't that the kernel's job?
Hypervisors are very complicated systems that facilitate sharing resources between multiple kernels. This may sound simple in theory, but it is anything but. So having a dedicated hypervisor tuned to your system can give you the edge over other things, which can matter a lot when you are doing things at a larger scale.
As for why a phone may need this, I for one would love it, because it would allow me to have a safe encrypted Linux VM within Android for instance (if implemented properly), meaning if you run a VPN with the VM for instance, you could have a Linux environment completely secure from the host. (Yes I know, if you don't trust the host, don't trust the guest; this is just theory crafting.)
I'm not into hypervisors at all, so could someone explain why everybody is writing their own hypervisors nowadays? Why do we need software controlling what the operating system does, especially in mobile phones and such? Isn't that the kernel's job?