diff --git a/hypervisor/arch/x86/guest/vcpuid.c b/hypervisor/arch/x86/guest/vcpuid.c
index d204d6c35..6aa4910de 100644
--- a/hypervisor/arch/x86/guest/vcpuid.c
+++ b/hypervisor/arch/x86/guest/vcpuid.c
@@ -319,9 +319,18 @@ void guest_cpuid(struct acrn_vcpu *vcpu, uint32_t *eax, uint32_t *ebx, uint32_t
 			*edx &= ~CPUID_EDX_MTRR;
 #endif
 
+			/* mask Debug Store feature */
+			*ecx &= ~(CPUID_ECX_DTES64 | CPUID_ECX_DS_CPL);
+
 			/* mask Safer Mode Extension */
 			*ecx &= ~CPUID_ECX_SMX;
 
+			/* mask PDCM: Perfmon and Debug Capability */
+			*ecx &= ~CPUID_ECX_PDCM;
+
+			/* mask SDBG for silicon debug */
+			*ecx &= ~CPUID_ECX_SDBG;
+
 			/* mask pcid */
 			*ecx &= ~CPUID_ECX_PCID;
 
@@ -342,9 +351,15 @@ void guest_cpuid(struct acrn_vcpu *vcpu, uint32_t *eax, uint32_t *ebx, uint32_t
 					*ecx |= CPUID_ECX_OSXSAVE;
 				}
 			}
+
+			/* mask Machine Check Exception */
+			*edx &= ~CPUID_EDX_MCE;
+
+			/* mask Debug Store feature */
+			*edx &= ~CPUID_EDX_DTES;
+
 			break;
 		}
-
 		case 0x0bU:
 			/* Patching X2APIC */
 #ifdef CONFIG_PARTITION_MODE
diff --git a/hypervisor/arch/x86/guest/vmsr.c b/hypervisor/arch/x86/guest/vmsr.c
index bc5bf4446..13afbc6d8 100644
--- a/hypervisor/arch/x86/guest/vmsr.c
+++ b/hypervisor/arch/x86/guest/vmsr.c
@@ -53,7 +53,7 @@ static const uint32_t mtrr_msrs[NUM_MTRR_MSRS] = {
 };
 
 /* Following MSRs are intercepted, but it throws GPs for any guest accesses */
-#define NUM_UNSUPPORTED_MSRS	96U
+#define NUM_UNSUPPORTED_MSRS	103U
 static const uint32_t unsupported_msrs[NUM_UNSUPPORTED_MSRS] = {
 	/* Variable MTRRs are not supported */
 	MSR_IA32_MTRR_PHYSBASE_0,
@@ -176,6 +176,23 @@ static const uint32_t unsupported_msrs[NUM_UNSUPPORTED_MSRS] = {
 
 	/* SMM Monitor Configuration: CPUID.01H.ECX[5] and CPUID.01H.ECX[6] */
 	MSR_IA32_SMM_MONITOR_CTL,
+
+	/* Silicon Debug Feature: CPUID.01H.ECX[11] (X86_FEATURE_SDBG) */
+	MSR_IA32_DEBUG_INTERFACE,
+
+	/* Performance Monitoring: CPUID.01H.ECX[15] X86_FEATURE_PDCM */
+	MSR_IA32_PERF_CAPABILITIES,
+
+	/* Debug Store disabled: CPUID.01H.EDX[21] X86_FEATURE_DTES */
+	MSR_IA32_DS_AREA,
+
+	/* Machine Check Exception: CPUID.01H.EDX[5] (X86_FEATURE_MCE) */
+	MSR_IA32_MCG_CAP,
+	MSR_IA32_MCG_STATUS,
+	MSR_IA32_MCG_CTL,
+	MSR_IA32_MCG_EXT_CTL,
+	/* MSR 0x280 ... 0x29F, not in this array */
+	/* MSR 0x400 ... 0x473, not in this array */
 };
 
 #define NUM_X2APIC_MSRS	44U
diff --git a/hypervisor/arch/x86/vmcs.c b/hypervisor/arch/x86/vmcs.c
index bd2657d46..46197a33e 100644
--- a/hypervisor/arch/x86/vmcs.c
+++ b/hypervisor/arch/x86/vmcs.c
@@ -320,7 +320,7 @@ static bool is_cr4_write_valid(struct acrn_vcpu *vcpu, uint64_t cr4)
  *             Set the value according to the value from guest.
  *   - PAE (5) Trapped to track paging mode.
  *             Set the value according to the value from guest.
- *   - MCE (6) Flexible to guest
+ *   - MCE (6) Trapped to hide from guest
  *   - PGE (7) Flexible to guest
  *   - PCE (8) Flexible to guest
  *   - OSFXSR (9) Flexible to guest
@@ -338,7 +338,7 @@ static bool is_cr4_write_valid(struct acrn_vcpu *vcpu, uint64_t cr4)
  */
 void vmx_write_cr4(struct acrn_vcpu *vcpu, uint64_t cr4)
 {
-	uint64_t cr4_vmx;
+	uint64_t cr4_vmx, cr4_shadow;
 	uint64_t old_cr4 = vcpu_get_cr4(vcpu);
 
 	if (!is_cr4_write_valid(vcpu, cr4)) {
@@ -353,10 +353,12 @@ void vmx_write_cr4(struct acrn_vcpu *vcpu, uint64_t cr4)
 			vcpu_make_request(vcpu, ACRN_REQUEST_EPT_FLUSH);
 		}
 
-		/* Aways off bits and reserved bits has been filtered above */
-		cr4_vmx = cr4_always_on_mask | cr4;
+		/* Clear forced off bits */
+		cr4_shadow = cr4 & ~CR4_MCE;
+
+		cr4_vmx = cr4_always_on_mask | cr4_shadow;
 		exec_vmwrite(VMX_GUEST_CR4, cr4_vmx & 0xFFFFFFFFUL);
-		exec_vmwrite(VMX_CR4_READ_SHADOW, cr4 & 0xFFFFFFFFUL);
+		exec_vmwrite(VMX_CR4_READ_SHADOW, cr4_shadow & 0xFFFFFFFFUL);
 
 		/* clear read cache, next time read should from VMCS */
 		bitmap_clear_lock(CPU_REG_CR4, &vcpu->reg_cached);
@@ -417,7 +419,7 @@ static void init_guest_state(struct acrn_vcpu *vcpu)
 		&vcpu->arch.contexts[vcpu->arch.cur_context];
 
 	init_guest_vmx(vcpu, ctx->run_ctx.cr0, ctx->ext_ctx.cr3,
-			ctx->run_ctx.cr4 & ~(CR4_VMXE | CR4_SMXE));
+			ctx->run_ctx.cr4 & ~(CR4_VMXE | CR4_SMXE | CR4_MCE));
 }
 
 static void init_host_state(void)
diff --git a/hypervisor/include/arch/x86/cpuid.h b/hypervisor/include/arch/x86/cpuid.h
index 9bca32149..76a23c13c 100644
--- a/hypervisor/include/arch/x86/cpuid.h
+++ b/hypervisor/include/arch/x86/cpuid.h
@@ -26,6 +26,7 @@
 #define CPUID_ECX_TM2           (1U<<8U)
 #define CPUID_ECX_SSSE3         (1U<<9U)
 #define CPUID_ECX_CID           (1U<<10U)
+#define CPUID_ECX_SDBG          (1U<<11U)
 #define CPUID_ECX_FMA           (1U<<12U)
 #define CPUID_ECX_CX16          (1U<<13U)
 #define CPUID_ECX_ETPRD         (1U<<14U)
diff --git a/hypervisor/include/arch/x86/msr.h b/hypervisor/include/arch/x86/msr.h
index 0fbbfcb56..ea43313ea 100644
--- a/hypervisor/include/arch/x86/msr.h
+++ b/hypervisor/include/arch/x86/msr.h
@@ -253,6 +253,7 @@
 #define MSR_IA32_A_PMC5				0x000004C6U
 #define MSR_IA32_A_PMC6				0x000004C7U
 #define MSR_IA32_A_PMC7				0x000004C8U
+#define MSR_IA32_MCG_EXT_CTL			0x000004D0U
 #define MSR_IA32_SGX_SVN_STATUS			0x00000500U
 #define MSR_IA32_RTIT_OUTPUT_BASE		0x00000560U
 #define MSR_IA32_RTIT_OUTPUT_MASK_PTRS		0x00000561U