But how can you verify that the processor's own software, which ultimately runs the application, has not been compromised?
The software running on the smartcard? You write that yourself, and hopefully your security processes are good. The nice thing about smartcards is that the trusted computing base is massively smaller than that of a regular operating system.
If you disallow installing applications post-issuance (which is probably a good idea for ID cards), you don't even have to worry about VM runtime integrity either, as there will be only your application running on the card.
The processor's software becomes no different than a switch, a transfer medium in the network, when you use the smartcard capabilities of the EU ID card. Digital signatures and cryptography happen purely inside the RFID/smartcard chip of the card.
This is how payments work for the chip-and-PIN system of EMV, and the login and signing systems of many businesses in the EU, already. There is no need for third-party attestation already.