Running ESX under KVM with VM-x/EPT

I've been experimenting with setting up a test lab on a linux host with KVM as the layer 1 hypervisor and ESX as the layer 2. With KVM configured for nested, ept and ignore_msrs, and ESX set to vmx.allowNested and hv.assumeEnabled things work fine, except that VMs under ESX don't use EPT.

With some help I'm now trying to determine which of these flags ESX requires for EPT to function, e.g. to get HWMMU working:

2016-02-11T21:17:00.157Z| vmx| I120: VPID and EPT Capabilities (0x00000d0106114041)
2016-02-11T21:17:00.157Z| vmx| I120:   R=0/W=0/X=1                      yes
2016-02-11T21:17:00.157Z| vmx| I120:   Page-walk length 3               yes
2016-02-11T21:17:00.157Z| vmx| I120:   EPT memory type WB               yes
2016-02-11T21:17:00.157Z| vmx| I120:   2MB super-page                   yes
2016-02-11T21:17:00.157Z| vmx| I120:   1GB super-page                    no
2016-02-11T21:17:00.157Z| vmx| I120:   INVEPT support                   yes
2016-02-11T21:17:00.157Z| vmx| I120:   Access & Dirty Bits               no
2016-02-11T21:17:00.157Z| vmx| I120:   Type 1 INVEPT                    yes
2016-02-11T21:17:00.157Z| vmx| I120:   Type 2 INVEPT                    yes
2016-02-11T21:17:00.157Z| vmx| I120:   INVVPID support                  yes
2016-02-11T21:17:00.157Z| vmx| I120:   Type 0 INVVPID                   yes
2016-02-11T21:17:00.157Z| vmx| I120:   Type 1 INVVPID                    no
2016-02-11T21:17:00.157Z| vmx| I120:   Type 2 INVVPID                   yes
2016-02-11T21:17:00.157Z| vmx| I120:   Type 3 INVVPID                   yes
...
2016-02-11T21:17:00.158Z| vmx| I120: MONITOR MODE: allowed modes          : BT32 HV HWMMU
2016-02-11T21:17:00.158Z| vmx| I120: MONITOR MODE: user requested modes   : BT32 HV HWMMU
2016-02-11T21:17:00.158Z| vmx| I120: MONITOR MODE: guestOS preferred modes: HWMMU BT32 HV
2016-02-11T21:17:00.158Z| vmx| I120: MONITOR MODE: filtered list          : HWMMU BT32 HV
2016-02-11T21:17:00.158Z| vmx| I120: HV Settings: virtual exec = 'hardware'; virtual mmu = 'hardware'

So far I've been able to get VMs to use HWMMU with the above flags active in a patched host kernel.

Could anyone tell me which flags ESX actually requires and which are optional or preferable for EPT/HWMMU to work?

Additionally, are more or different flags required with "vhv.enable = TRUE"? So far I have only tested with "vhv.enabled = FALSE"

It's a big performance jump to have this working so it would be very much appreciated. Thanks!