Can’t find the pdf, but it’s all related to the zentool stuff:

https://github.com/google/security-research/blob/master/pocs...

Tavis spells it out there pretty quickly:

“ The simplest instructions (add, sub, mov, etc) are all implemented in hardware. The more complicated instructions like rdrand, fpatan and cmpxchg are microcoded. You can think of them as a bit like calling into a library of functions written in that RISC-like code.”