
It's not plug-and-play. It still needs a custom firmware: "(...) The presented methods allow us to deploy a custom SEV firmware on the AMD-SP, which enables an adversary to decrypt a VM's memory. (...)"



InstallRogueFirmware.exe. Double-click.

This is about protecting a VM from people who have admin rights and hardware access outside the VM.


Voltage glitching is no double-click. It would be a huge embarrassment to AMD if just a double-click defeated the secure processor's firmware authentication. This requires electrically messing with the power supply of the processor.


So this means the secure VM feature is secure up to the threat model of someone able to crack open the hardware.

Honestly, that's kind of what I would have expected. Just making it almost impossible to get VM memory remotely by owning the hypervisor is pretty good, and it reduces your attack surface to people who can get into the data center and have electronics expertise.
