Hardware-assisted virtualization for implementing secure video output path

The invention claimed is: 1. A processing system, comprising: a memory comprising a secure memory buffer; a communication bus implementing a memory firewall to allow a memory access transaction tagged with a virtual machine identifier that is associated, by on one of a plurality of mappings of memory address ranges to virtual machine identifiers, with a requested memory range; and a processing core communicatively coupled to the memory via the communication bus, the processing core to: associate each transaction to access the memory with a tag comprising an identifier of a virtual machine that has initiated the respective transaction; configure the memory firewall with a mapping of an identifier of the second virtual machine to an address range of the secure memory buffer; receive, by a first virtual machine, an encrypted digital content item; and store, by the first virtual machine, the encrypted digital content item a shared memory buffer accessible by the second virtual machine; decrypt, by the second virtual machine, a portion of the encrypted digital content item to produce a decrypted content portion; store, by the second virtual machine, the decrypted content portion in the secure memory buffer; and cause, by the second virtual machine, the digital content decoder to produce a decoded content portion by reading the decrypted content portion from the secure memory buffer and decoding the decrypted content portion. 2. The processing system of claim 1 , wherein the processing core is further to: storing the identifier of the first virtual machine in a first internal register. 3. The processing system of claim 1 , wherein the processing core is further to: transmit the decoded content portion to a display controller. 4. The processing system of claim 3 , wherein the processing core is further to transmit the decoded content portion to the display controller via a dedicated stream port which is protected from redirecting the decoded content portion to an agent other than the display controller. 5. The processing system of claim 1 , wherein the digital content item comprises a video content item. 6. The processing system of claim 1 , wherein the communication bus is to further implement a peripheral firewall for enforcing peripheral firewall rules comprising a plurality of mappings of peripheral device identifiers to virtual machine identifiers. 7. The processing system of claim 6 , wherein the processing core is further to configure the peripheral firewall with a mapping of an identifier of the second virtual machine to an identifier of the digital content decoder. 8. The processing system of claim 6 , wherein the peripheral firewall is to abort a transaction initiated by a virtual machine to access a peripheral device which is not associated with the virtual machine by one of the peripheral firewall rules. 9. The processing system of claim 1 , wherein the memory firewall is to abort a transaction initiated by a virtual machine to access a memory address which is not associated with the virtual machine by one of the memory firewall rules. 10. A system-on-a-chip (SoC), comprising: a processing core to execute a first virtual machine and a second virtual machine, the processing core further to associate, each memory access transaction with a tag comprising an identifier of a virtual machine that has initiated the respective transaction; and a communication bus coupled to the processing core, the communication bus implementing a memory firewall to allow a memory access transaction tagged with a virtual machine identifier that is associated, by on one of a plurality of mappings of memory address ranges to virtual machine identifiers, with a requested memory range; and wherein the processing core is further to: configure the memory firewall with a mapping of an identifier of the second virtual machine to an address range of a secure memory buffer; receive, by the first virtual machine, an encrypted digital content item; and store, by the first virtual machine, the encrypted digital content item a shared memory buffer accessible by the second virtual machine; decrypt, by the second virtual machine, the portion of the encrypted digital content item to produce a decrypted content portion; store, by the second virtual machine, the decrypted content portion in the secure memory buffer; and cause, by the second virtual machine, the digital content decoder to produce a decoded content portion by reading the decrypted content portion from the secure memory buffer and decoding the decrypted content portion. 11. The SoC of claim 10 , wherein the processing core is further to: tag a first transaction with the identifier of the first virtual machine. 12. The SoC of claim 10 , wherein the processing core is further to: tag a second transaction with the identifier of the second virtual machine. 13. The SoC of claim 10 , wherein the processing core is further to: transmit, by the first virtual machine, the decoded content portion to an input/output (I/O) controller. 14. The SoC of claim 10 , wherein the communication bus is to further implement a peripheral firewall for enforcing peripheral firewall rules comprising a plurality of mappings of peripheral device identifiers to virtual machine identifiers. 15. The SoC of claim 14 , wherein the processing core is further to configure the peripheral firewall with a mapping of an identifier of the second virtual machine to an identifier of the digital content decoder. 16. A method, comprising: initializing, by a processing core, a first virtual machine and a second virtual machine; implementing a memory firewall to allow a memory access transaction tagged with a virtual machine identifier that is associated, by on one of a plurality of mappings of memory address ranges to virtual machine identifiers, with a requested memory range; associating each memory access transaction with a tag comprising an identifier of a virtual machine that has initiated the respective transaction; configuring a memory firewall with a mapping of an identifier of the second virtual machine to an address range of a secure memory buffer; receiving, by the first virtual machine, a portion of an encrypted digital content item; storing, by the first virtual machine, the encrypted digital content item a shared memory buffer accessible by the second virtual machine; decrypting, by the second virtual machine, the portion of the encrypted digital content item to produce a decrypted content portion; storing, by the second virtual machine, the decrypted content portion in the secure memory buffer; and causing, by the second virtual machine, the digital content decoder to produce a decoded content portion by reading the decrypted content portion from the secure memory buffer and decoding the decrypted content portion. 17. The method of claim 16 , wherein initializing the first virtual machine comprises storing identifier of the first virtual machine in a dedicated internal register. 18. The method of claim 16 , further comprising: transmitting, by the first virtual machine, a signal to notify the second virtual machine of the encrypted digital content item. 19. The method of claim 16 , further comprising: transmitting, by the second virtual machine, the decoded content portion to an input/output (I/O) controller. 20. The method of claim 16 , further comprising: implementing a peripheral firewall for enforcing peripheral firewall rules comprising a plurality of mappings of