Yes, it's a good thing. Verified boot already covered verification of all the firmware and the entirety of the OS partitions (vbmeta, boot/dtbo, system/vendor) which are all mounted as read-only at runtime and updated by writing to the alternate partition set. It covers more now.
Pixel 3 extends the verification to system component updates (code and data) in userdata, and potentially more than that in the future. It's not as useful for this hardened OS work because system components are likely only going to be (allowed to be) updated via OS updates.
Ah ok. Would be nice if we could choose what kind of code is verified. As always great work Daniel. Hope my second pixel 3 arrives today. Then I can test this stuff as a daily driver. Thank you very much for continuing your work on hardening AOSP. Thx