Although the most interesting bits are arguably down the road with the hypervisor approaches, I found the description of how the current code pushes the guest kernel up to Ring 1 very interesting.

http://channel9.msdn.com/ShowPost.aspx?PostID=163095

We always say there's a whole bunch of code in the VMM that takes the guest kernel and makes it run at Ring 1, and there's a bunch of code in that thing that fakes it to make it think it's running at Ring 0 - it basically negates itself.