diff --git a/hypervisor/arch/x86/cpu.c b/hypervisor/arch/x86/cpu.c
index 28de12056..b000e9bd5 100644
--- a/hypervisor/arch/x86/cpu.c
+++ b/hypervisor/arch/x86/cpu.c
@@ -30,6 +30,8 @@ uint64_t pcpu_active_bitmap = 0UL;
 /* X2APIC mode is disabled by default. */
 bool x2apic_enabled = false;
+static bool skip_l1dfl_vmentry;
+static uint64_t x86_arch_capabilities;
 /* TODO: add more capability per requirement */
 /* APICv features */
@@ -418,6 +420,18 @@ void bsp_boot_init(void)
 static bool check_cpu_security_config(void)
 {
+ if (cpu_has_cap(X86_FEATURE_ARCH_CAP)) {
+ x86_arch_capabilities = msr_read(MSR_IA32_ARCH_CAPABILITIES);
+ skip_l1dfl_vmentry = ((x86_arch_capabilities
+ & IA32_ARCH_CAP_SKIP_L1DFL_VMENTRY) != 0UL);
+ } else {
+ return false;
+ }
+
+ if ((!cpu_has_cap(X86_FEATURE_L1D_FLUSH)) && (!skip_l1dfl_vmentry)) {
+ return false;
+ }
+
 if (!cpu_has_cap(X86_FEATURE_IBRS_IBPB) &&
 !cpu_has_cap(X86_FEATURE_STIBP)) {
 return false;
diff --git a/hypervisor/include/arch/x86/cpufeatures.h b/hypervisor/include/arch/x86/cpufeatures.h
index 2226f9da0..582a1026d 100644
--- a/hypervisor/include/arch/x86/cpufeatures.h
+++ b/hypervisor/include/arch/x86/cpufeatures.h
@@ -77,6 +77,8 @@
 /* Intel-defined CPU features, CPUID level 0x00000007 (EDX)*/
 #define X86_FEATURE_IBRS_IBPB ((FEAT_7_0_EDX << 5U) + 26U)
 #define X86_FEATURE_STIBP ((FEAT_7_0_EDX << 5U) + 27U)
+#define X86_FEATURE_L1D_FLUSH ((FEAT_7_0_EDX << 5U) + 28U)
+#define X86_FEATURE_ARCH_CAP ((FEAT_7_0_EDX << 5U) + 29U)
 /* Intel-defined CPU features, CPUID level 0x80000001 (EDX)*/
 #define X86_FEATURE_NX ((FEAT_8000_0001_EDX << 5U) + 20U)
diff --git a/hypervisor/include/arch/x86/msr.h b/hypervisor/include/arch/x86/msr.h
index 7e4e26c0f..e3ac804d2 100644
--- a/hypervisor/include/arch/x86/msr.h
+++ b/hypervisor/include/arch/x86/msr.h
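Review bot: The two file-scope statics added to cpu.c, `skip_l1dfl_vmentry` and `x86_arch_capabilities`, have no comment, and nothing visible in this diff reads them after check_cpu_security_config() sets them. A comment above the flag such as `/* true when IA32_ARCH_CAPABILITIES reports that L1D need not be flushed on VM entry */` would tell a reader what it is meant to gate. This patch only tests for the capability and does not write the flush command, so if the VM-entry flush that consumes the flag arrives in a separate change, the commit description should say so.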
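Review bot: The `else { return false; }` branch in check_cpu_security_config() fails the check on any processor that does not enumerate IA32_ARCH_CAPABILITIES, so the `X86_FEATURE_L1D_FLUSH` test that follows is never reached on a part that offers the flush command without that MSR. If that is not the intent, drop the `else` branch and let `skip_l1dfl_vmentry` stay false, so that the second condition decides. The new checks also never consult `IA32_ARCH_CAP_RDCL_NO`, which this commit defines; a one-line comment saying why it is ignored would help. Both cases fail closed, so the cost is presumably a rejected platform rather than a missing mitigation. The function body continues past the end of the hunk.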
@@ -44,6 +44,8 @@
 #define MSR_IA32_APERF 0x000000E8U /* Actual performance clock counter */
 #define MSR_IA32_MTRR_CAP 0x000000FEU /* MTRR capability */
+#define MSR_IA32_ARCH_CAPABILITIES 0x0000010AU
+#define MSR_IA32_FLUSH_CMD 0x0000010BU
 #define MSR_IA32_SYSENTER_CS 0x00000174U /* CS for sysenter */
 #define MSR_IA32_SYSENTER_ESP 0x00000175U /* ESP for sysenter */
 #define MSR_IA32_SYSENTER_EIP 0x00000176U /* EIP for sysenter */
@@ -567,4 +569,14 @@ static inline bool pat_mem_type_invalid(uint64_t x)
 #define SPEC_ENABLE_STIBP (1U<<1U)
 #define PRED_SET_IBPB (1U<<0U)
+/* IA32 ARCH Capabilities bit */
+#define IA32_ARCH_CAP_RDCL_NO (1U << 0U)
+#define IA32_ARCH_CAP_IBRS_ALL (1U << 1U)
+#define IA32_ARCH_CAP_RSBA (1U << 2U)
+#define IA32_ARCH_CAP_SKIP_L1DFL_VMENTRY (1U << 3U)
+#define IA32_ARCH_CAP_SSB_NO (1U << 4U)
+
+/* Flush L1 D-cache */
+#define IA32_L1D_FLUSH (1UL << 0U)
+
 #endif /* MSR_H */
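Review bot: `MSR_IA32_ARCH_CAPABILITIES` and `MSR_IA32_FLUSH_CMD` are the only entries in this run of msr.h defines without a trailing comment. Suggest `/* Enumeration of architectural features (read-only) */` and `/* Flush command (write-only) */`. The access direction is worth recording because the flush command register is documented as write-only, so a later caller should not expect to read it back.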
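Review bot: The `IA32_ARCH_CAP_*` bits are defined as 32-bit `(1U << n)`, but the value they mask in cpu.c, `x86_arch_capabilities`, is `uint64_t` and the result is compared with `0UL`. `IA32_L1D_FLUSH` in the same hunk already uses `1UL`. Writing the five capability bits the same way, for example `#define IA32_ARCH_CAP_SKIP_L1DFL_VMENTRY (1UL << 3U)`, keeps the operand widths matched and removes the implicit widening in the mask expression. The `/* Flush L1 D-cache */` comment could also name the register the bit is written to, `MSR_IA32_FLUSH_CMD`.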