I think the most correct approach in this case is to use the experience of developers of devices with built-in firmware. That is, the virtual machine as supplied includes a non-updatable partition with the "boot loader" firmware (for example, a much reduced and stable Linux, or anything else of your choice), a partition with the actual firmware (the OS image with the software), and a partition with user data. Then, to update, send the new firmware version, restart the system into the "boot loader" and select "refresh". Something in this spirit.
And putting the software on a VM: well, yes. The heavier requirements are largely compensated for by the stability of the system, because, in fact, inside any VM the same device drivers run irrespective of the actual hardware of the server. That is, a virtual machine proven in the laboratory will work exactly the same in any conditions. Not that your software might suddenly conflict with a mouse driver written with the left foot.