Well, we had recently the Inel IME disaster, but how about AMD? AMD has a similar technique and chip which acts like a seperate OS with special permissions and options. It’s called Platform Security Processor (PSP). But before someone is gonna say ‘they spy too!’ no there not! You can disable it and it’s in general better documented.
The ARM core ensures and controls you stay secure – so the promise. With the coming AGESA-Code Update it’s not possible for you as user to control it, the update is beta at the moment and gives you a new option which is called “BIOS PSP Support“.
What about the source code?
AMD first promised to release the Ryzen source code, but then they did a step back – they saying they can’t because license reasons?! Personally I don’t buy it! There also still some open question how exactly PSP work because the documentation isn’t complete.