Overview
Learn how guest_memfd, introduced in Linux 6.8, can enhance security for traditional non-confidential virtual machines beyond its primary use in confidential computing environments. Explore the implementation of guest_memfd with shared memory support to run non-confidential VMs entirely backed by guest_memfd, and discover how removing direct map entries for guest_memfd folios provides protection against approximately 60% of Spectre-like transient execution vulnerabilities. Examine the practical application of this technology in the Firecracker VMM and understand how guest_memfd's "guest-first" memory design offers additional hardening benefits for traditional virtualization scenarios while maintaining compatibility with existing KVM infrastructure.
Syllabus
guest_memfd for Non-Confidential VMs and Spectre Protection by Patrick Roy
Taught by
KVM Forum