There is also the virtual TPM, which in Windows is called Credential Guard and Device Guard. These rely on the Hyper-V hypervisor to protect data such as credentials from tampering or dumping. With Credential Guard properly configured, you will see a number of processes running on your system, such as:
'Secure System'
'LsaIso'
They run in special virtual execution rings that cannot be accessed directly even from the kernel, nor from drivers that typically have direct memory access. This is achieved via the Hyper-V layer running below the kernel.
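One way to check this on a host, as an added example that is not part of the original text: the function below compares what the Win32_DeviceGuard CIM class reports with whether the two processes named above are present. The function name Get-CredentialGuardState and its output property names are hypothetical; run it from an elevated PowerShell session.

```powershell
# Added example: confirm Credential Guard is running, not merely configured.
function Get-CredentialGuardState {
    [CmdletBinding()]
    param()

    # Win32_DeviceGuard reports the state of virtualization-based security (VBS).
    $dg = Get-CimInstance -ClassName Win32_DeviceGuard `
        -Namespace 'root\Microsoft\Windows\DeviceGuard' -ErrorAction Stop

    # The two processes named in the text; neither exists when VBS is not running.
    $procs = Get-Process -Name 'LsaIso', 'Secure System' -ErrorAction SilentlyContinue |
        Select-Object -ExpandProperty ProcessName -Unique

    [pscustomobject]@{
        # VirtualizationBasedSecurityStatus: 0 = off, 1 = enabled but not running, 2 = running
        VbsRunning                = ($dg.VirtualizationBasedSecurityStatus -eq 2)
        # SecurityServicesConfigured / SecurityServicesRunning: 1 = Credential Guard, 2 = HVCI
        CredentialGuardConfigured = ($dg.SecurityServicesConfigured -contains 1)
        CredentialGuardRunning    = ($dg.SecurityServicesRunning -contains 1)
        LsaIsoPresent             = ($procs -contains 'LsaIso')
        SecureSystemPresent       = ($procs -contains 'Secure System')
    }
}

$state = Get-CredentialGuardState
$state | Format-List

# Policy applied but the isolated LSA is not up: credentials are not protected yet.
if ($state.CredentialGuardConfigured -and -not $state.CredentialGuardRunning) {
    Write-Warning 'Credential Guard is configured but not running on this host.'
}

# The service reports running but the isolated process is missing: investigate.
if ($state.CredentialGuardRunning -and -not $state.LsaIsoPresent) {
    Write-Warning 'Credential Guard reports running but LsaIso was not found.'
}
```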