> HCR_EL2.HCD

That's not ideal because of:

> Any resulting exception is taken to the Exception level at which the HVC instruction is executed.

instead of trapping to the hypervisor

> I've looked at how different hypervisors/VMMs handle this and, if this makes that patch set any less hacky, Virtualization.framework, QNX Hypervisor, and (I think) VMware all decode and emulate those instructions in software. Virtualization.framework is a remarkable spaghetti in this regard :)

And so does Hyper-V.

> It's not macOS triggering this in isolation either

There are some nightmare cases that SEPOS specifically triggers, such as doing isv=0 accesses to GICR... when using the Apple vGIC handling _that_ becomes truly bizarre.

> Simply ignoring the instruction, though, is not enough

Yeah that's not a great idea