Vol. 3C 32-9

VIRTUALIZATION OF SYSTEM RESOURCES

make sure that the entire guest memory buffer (which contains the microcode update image) will not cause a page 
fault when accessed.
If the VMM loads the microcode update, then the VMM must have access to the current set of microcode updates. 
These updates could be part of the VMM image or could be contained in a separate microcode update image data-
base (for example: a database file on disk or in memory). Again, maintaining a separate microcode update image 
database has the advantage of reducing the number of required VMM or OS releases as a result of microcode 
update releases.
The VMM may wish to prevent a guest from loading a microcode update or may wish to support the microcode 
update requested by a guest using emulation (without actually loading the microcode update). To prevent micro-
code update loading, the VMM may return a microcode update signature value greater than the value of 
IA32_BIOS_SIGN_ID MSR. A well behaved guest will not attempt to load an older microcode update. The VMM may 
also drop the guest attempts to write to IA32_BIOS_UPDT_TRIG MSR, preventing the guest from loading any 
microcode updates. Later, when the guest queries IA32_BIOS_SIGN_ID MSR, the VMM could emulate the micro-
code update signature that the guest expects.
In general, loading a microcode update later will limit guest software’s visibility of features that may be enhanced 
by a microcode update.