Or the running microcode's ROM version plus loaded patch lines plus active match registers plus whatever settings were adjusted in config registers during the act of loading?
That is, attest the actual and complete config that is running, or some pointless subset that instills a false sense of security?
It would be good for AMD (and Intel etc.) to provide better details here.
[0] - https://www.amd.com/content/dam/amd/en/documents/epyc-techni...