It's also anti-consumer that CPU vendors don't let customers who own the CPU perform whatever updates they want because they don't give out signing keys.
As it stands, besides preventing the user from making modifications to CPU functionality, the user is also forced to "trust" updates that might be created for specific anti-consumer purposes (say, compelled by government security services).
That would be less of an issue if the updates were auditable (that is, security researchers could read and study them), even if users weren't able to modify them. Unfortunately, other than some early CPU designs, AFAIK microcode updates are always encrypted. I suspect that their reason is to protect "trade secrets" on details of their CPU design.
> You can physically do it with a microcode update.
Do these ARM CPUs even have microcode? Unlike on x86 CPUs where there are some very complex instructions which have to be microcoded, on ARM all instructions are simple enough that their decoding into micro-operations can be completely hard-coded in the decoder logic.
Do you know of any ARM cores used on smarphones which actually have updatable microcode? I've never heard of any. All errata fixes I've seen are of the "set this bit in a specific register" kind.
