Provided herein are systems, methods, and computer program products for testing a firmware update in a secure virtual environment prior to actually installing the firmware update in a device or system. In one embodiment, a firmware update is received. The system is rebooted after receiving the firmware update, and a virtual machine monitor (VMM) is launched following the reboot. In turn, the VMM registers various exit handlers and policies, and launches a virtual machine within a unified extensible firmware interface (UEFI) stored within a reprogrammable read only memory. The process uses the VMM to launch a virtual machine, which is used to perform a test installation of the firmware update. If no violations or other errors are detected in connection with the test installation, the process reboots the system again and installs the firmware update in the regular operating environment following the reboot.