This is exactly why we use ARM and Power systems (though technically those systems are chosen only for the open firmware, it's mainly that those two architectures have CPUs with open firmware that are powerful / pervasive enough to be useful).
I just can't believe it's taken this long for the master key to leak...
...which makes me suspect it's already been extracted some time ago, just not in white hat circles / publicly.
Wonder what the GDPR implications are, since it's not exactly like the IME was a secret for the past 5+ years? Shouldn't purposefully choosing a cheap, but insecure, platform to store protected trigger some fairly nasty fines now that data leak (especially of, and I quote, "encrypted" data) is possible? Especially since the decision was purely to minimize cost on "that IT cost centre"?