Any chance you could look into potentially adding the option to use PVM (e.g. so a PVM mode instead of KVM) in your matchlock/firecracker implementation?
See https://blog.alexellis.io/how-to-run-firecracker-without-kvm...