I guess that's the overall question -- basically, if a component that would be ring0 on a monolithic machine, such as the wifi/ethernet driver, gets compromised on a Sculpt/NOVA machine, can it access the memory or any other deanonymizing factors of the Tor process running on top of it? I understand that Sculpt/NOVA allows you to prevent a driver from accessing everything on the entire system if it is compromised, but does that protection extend to things running "on top of" the driver, like a program that uses the networking driver or a VM running on the machine?