In various examples, access to VM memory by virtualization software is secured using a trusted firmware of a host controller to validate one or more of a command to read a VM's memory and/or the data read from VM memory in order to protect against improper access to data in VM memory. If validation fails, the firmware may refrain from reading the data and/or from providing the virtualization software with access to the data. The data may include a request command from a VM regarding establishing or modifying a connection using the host controller to another entity, such as another device within or outside of the virtualization environment. The virtualization software may use the request command to facilitate the connection. The host controller may provide an eXtensible Host Controller Interface (xHCI) or a different type of interface for the connection.