If I have no access to the firmware, but neither does anyone else, then it's just a part of the hardware. That is okay.
I don't care whether a given processor is microcoded via a tiny ROM, or whether it is all hard-wired gates; the difference is just in the instruction execution timings.
We are not "hosed" in any way by this.
As soon as the microcode is writable, then we have questions: can anyone write any arbitrary microcode and put it in place? Or is there some tamper-proof layer containing that only accepts signed microcode, and who has the keys?
Any aspect of the machine which is data-driven is de facto hardware if that data is fixed in read-only memory.
Consider than an AND gate can just be memory. The two inputs can be treated as a two bit address: 00, 01, 10, or 11. If we stuff in the values 0, 0, 0, 1 into the 1-bit content cells at these addresses, we have an AND gate.
If this memory is ROM, then the overall circuit is not distinguishable from a conventional AND gate where a few transistors do the signaling directly.
I don't care whether a given processor is microcoded via a tiny ROM, or whether it is all hard-wired gates; the difference is just in the instruction execution timings.
We are not "hosed" in any way by this.
As soon as the microcode is writable, then we have questions: can anyone write any arbitrary microcode and put it in place? Or is there some tamper-proof layer containing that only accepts signed microcode, and who has the keys?