An embodiment of the invention is meant to prevent/allow microcode updates after an operating system is booted on a platform. A processor includes a lock directive that, when set, prevents microcode updates to occur after the operating system has been booted. In an embodiment, the lock directive is read during boot of the processor. A lock indicator is then written to an accessible location so that an attempt to patch, or update, microcode after the operating system has booted will be prohibited if the lock indicator indicates that microcode patch updates are not allowed. Other embodiments are also described and claimed.