The existing answers more or less cover it.
Same powers? No
Bad powers? Yes
Some additional comments are:
- the writeable microcode may be limited in how it can modify the operation of the CPU - there may be core instructions that are safe even in the presence of malicious microcode - of course you may not know which those instructions are - and for an arbitrary CPU the set of safe instructions may be empty
- writeable CPU microcode is not the be-all and end-all of malice - because the CPU could have hard-wired malice, i.e. even with benign writeable microcode; the only true antidote is an open CPU design
No. Because a CPU may not have microcode at all. Or it may not have writeable microcode, more to the point.
I believe that typical ARM implementations do not have writeable microcode. So whatever malice is there, if any, it is baked in - but at least it can’t be hacked in after the fact.
So the key questions regarding microcode are:
- does the CPU even have microcode? (usually the answer today is “yes”)
- is the microcode baked into the CPU or can it be modified after the fact?
One other comment on Intel ME … as I understand it, the homunculus CPU is intentionally undocumented and intentionally unauditable and its code intentionally obfuscated. Very little is known about the homunculus CPU. Probably relatively little research has been done into its specific security problems, for example by comparison with the main (x86) CPU whose problems in recent years have been widely discussed and documented, although a few security problems with the homunculus CPU have come to light over the years.
You really couldn’t design something that is worse from a security point of view.
This is “security through obscurity” at its worst. Intel CPU verifiable security is inversely proportional to the potency of malice i.e. potency of malice goes up to infinity while verifiable security goes down to zero. That’s a pretty dangerous combination.