Spectre/Meltdown mitigations and detection script - variant #2 question

A little late to the party here ...

We've finally applied patches to mitigate Spectre/Meltdown, but the detection script is still saying that the microcode/hw is not updated for variant #2.

We've confirmed the (x86) microcode level we are running has the patches. We've also patched the host/hypervisor (RHEL KVM) and the guests (RHEL).

When looking through the 'enabling mitigations in virtualized machines' knowledge base article, it mentions that the 'hypervisor needs to propagate the new CPU features correctly' and, when RHEL/KVM is used, 'this entails choosing a suitable CPU type for the guest that has the flags'. Can anyone tell me what this means? Is there some parameter that needs to be set somewhere?

The detection script output is attached.

Any advice would be appreciated! Thanks!

Responses