Session
Using eBPF to create native Windows drivers
Typically we think of BPF as JIT'ing programs at load time. Such JIT compilation is great for many purposes, but it doesn't work when a Type-1 hypervisor requires pages to be signed before allowing them to be loaded and the signing keys are offline. This security feature, sometimes known as Hypervisor-enforced Code Integrity (HVCI), is common in Windows environments. In this talk, we will present recent work that allows eBPF to be used to create native drivers that work with HVCI and, as a result, also allows kernel debuggers to work normally with BPF programs, improving the developer experience.