[tomxor]

Ommiting microcode from the EFI has nothing to do with whether a CPU has loadable microcode capability or whether it is vulnerable. Unless you are using some pre-pentium intel CPU, an initial microcode revision is included in an on die ROM and an updated revision can be loaded at boot. Loading it in EFI/BIOS vs OS is a matter of convenience, which is why it's usually left to the OS these days.

Not having microcode blobs in the EFI doesn't magically mean your CPU doesn't use microcode or doesn't need patched versions to stay secure as in this case.

I do find it a little deceptive with some of these "libre" projects where they draw an arbitrary box around something, evict all proprietary blobs from it and then announce victory despite it operating underneath a whole load of other blobs that could easily subvert it. However I suspect the intent behind evicting microcode from libreboot was more due to it being a redundant task for EFI today.