A data processing system may include hardware resources, such as a central processing unit (CPU), random access memory (RAM), read-only memory (ROM), etc. The processing system may also include software resources, such as a basic input/output system (BIOS), a virtual machine monitor (VMM), and one or more operating systems (OSs). When the computer system is started or reset, it may load the BIOS, and then the VMM. The VMM may include a root OS, or it may run on top of a root OS. The VMM may then create one or more virtual machines (VMs), and the VMs may boot to different guest OSs or to different instances of the same guest OS. The VMM may thus allow multiple OSs and applications to run in independent partitions.
The CPU in such a data processing system may provide hardware support (e.g., instructions and data structures) for virtualization. Additional details about virtualization may be found in reference manuals such as the following:                Intel® Virtualization Technology Specification for the IA-32 Intel® Architecture, dated April 2005 (hereinafter “the VT-x Specification”); and        IA-32 Intel® Architecture Software Developer's Manual, Volume 2B: Instruction Set Reference, N-Z, dated June 2006.Other manufacturers may produce processors with different features for supporting virtualization.        
Unfortunately, computer viruses, worms, rootkits, or other types of malware may attempt to use virtualization features in support of malicious activities. For example, an article dated Jun. 28, 2006, on the www.eWeek.com website at article2/0, 1895,1983037,00.asp describes a “Blue Pill” rootkit that allegedly uses CPU virtualization features “to create an ultra-thin hypervisor that takes complete control of the underlying operating system.”