> As it stands, besides preventing the user from making modifications to CPU functionality, the user is also forced to "trust" updates that might be created for specific anti-consumer purposes (say, compelled by government security services).

That would be less of an issue if the updates were auditable (that is, security researchers could read and study them), even if users weren't able to modify them. Unfortunately, other than some early CPU designs, AFAIK microcode updates are always encrypted. I suspect that their reason is to protect "trade secrets" on details of their CPU design.