diff --git a/hypervisor/arch/x86/security.c b/hypervisor/arch/x86/security.c
index b6b9dbe8c..50215b57a 100644
--- a/hypervisor/arch/x86/security.c
+++ b/hypervisor/arch/x86/security.c
@@ -59,16 +59,16 @@ bool check_cpu_security_cap(void)
 		x86_arch_capabilities = msr_read(MSR_IA32_ARCH_CAPABILITIES);
 		skip_l1dfl_vmentry = ((x86_arch_capabilities
 			& IA32_ARCH_CAP_SKIP_L1DFL_VMENTRY) != 0UL);
+	}
 
-		if ((!pcpu_has_cap(X86_FEATURE_L1D_FLUSH)) && (!skip_l1dfl_vmentry)) {
-			ret = false;
-		} else if ((!pcpu_has_cap(X86_FEATURE_IBRS_IBPB)) &&
-			(!pcpu_has_cap(X86_FEATURE_STIBP))) {
-			ret = false;
-		} else {
-			/* No other state currently, do nothing */
-		}
-	} else {
+	if ((!pcpu_has_cap(X86_FEATURE_L1D_FLUSH)) && (!skip_l1dfl_vmentry)) {
+		/* Processor is affected by L1TF CPU vulnerability,
+		 * but no L1D_FLUSH command support.
+		 */
+		ret = false;
+	}
+
+	if ((!pcpu_has_cap(X86_FEATURE_IBRS_IBPB)) && (!pcpu_has_cap(X86_FEATURE_STIBP))) {
 		ret = false;
 	}
 
diff --git a/hypervisor/include/arch/x86/security.h b/hypervisor/include/arch/x86/security.h
index 681894a8a..38f0e0b40 100644
--- a/hypervisor/include/arch/x86/security.h
+++ b/hypervisor/include/arch/x86/security.h
@@ -9,7 +9,7 @@
 
 /* type of speculation control
  * 0 - no speculation control support
- * 1 - raw IBRS + IPBP support
+ * 1 - raw IBRS + IBPB support
  * 2 - with STIBP optimization support
  */
 #define IBRS_NONE	0