Can we trust that the changes on the default kernel option will land some time soon?

Is there an alternative solution to this, like running the whonix gw and ws as HVMs (maybe?) to provide the security mechanisms?