docs: document new manifest field APEIP

Author: charludo

docs/docs/architecture/components/manifest.md

@@ -20,6 +20,7 @@ The manifest has the following higher level structure:
       {
         "ProductName": "<product-name>",
         "TrustedMeasurement": "<trusted-measurement>",
+        "APEIP": "<ap-eip>",
         "MinimumTCB": { },
         "GuestPolicy": { },
         "PlatformInfo": { }
@@ -134,6 +135,15 @@ The kernel command line contains the dm-verity hash of the root filesystem, whic
 It's the (launch) `MEASUREMENT` from the SNP `ATTESTATION_REPORT`, according to Table 23 in the [SEV ABI Spec].
 Contrast is able to extrapolate from this single-vCPU measurement to those for up to 220 vCPUs.
 
+### `ReferenceValues.snp.*.APEIP` {#snp-ap-eip}
+
+The `APEIP` is the SEV-ES reset vector read from the OVMF firmware's footer GUID table.
+It's used together with [`TrustedMeasurement`](#snp-trusted-measurement) to derive the expected launch measurement for any vCPU count between 2 and 220.
+
+This field is injected automatically by `contrast generate` from the OVMF binary embedded in the CLI build and doesn't need to be set manually.
+
+When absent (manifests generated by older CLI versions), verification falls back to treating `TrustedMeasurement` as an exact vCPU measurement.
+
 ### `ReferenceValues.snp.*.MinimumTCB` {#snp-minimum-tcb}
 
 The `MinimumTCB` defines the minimum secure version numbers (SVNs) for the platform components.