configuration-structure
Integrating message authenticity
What kind of replay attacks are being talked about here? This is CPUID functionality and the data is available via an M-mode pointer, and thus is hidden away from even HS/S-mode firmware.
This reads like fairly vague arm waving around something that is not an actual usable feature. The section even mentions that signing is optional. I'd drop it entirely.