
I'm curious if Apple's work on hardening their secure boot process on x86 affects this at all? For those unaware, this [0] video covers it over about seven minutes. Basically they claim to be enabling the IOMMU with a basic deny-everything policy so that when the changeover to executing from RAM occurs and PCIe devices are brought up, the IOMMU is able to deny possible malicious access to the firmware image.

It sounds from the end of the article that there are separate DMA/IOMMU processes for the CSME, but I'm not familiar enough with stuff this far down to know for certain.

https://youtu.be/3byNNUReyvE?t=124



It is their proprietary T2 chip that controls things like FileVault (full-disk encryption) and Touch ID. So a vulnerability on Mac would not be nearly as severe as on Windows, where this can eventually compromise the fTPM used for BitLocker encryption (dTPMs wouldn't be vulnerable, but their integrity protection can be bypassed by messing with their physical connections to the CPU).

The T2 chip has its own Secure Enclave and immutable BootROM, and it supposedly verifies the Intel UEFI ROM before it is allowed to load, and then the CPU reads this from the T2 over SPI. So it would seem that this boot process is not weakened by a compromise of the Intel key, as only Apple can sign UEFI updates to be loaded onto the T2 chip.

Source: https://manuals.info.apple.com/MANUALS/1000/MA1902/en_US/app... (long PDF)
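The point in the comment above (that a compromise of the Intel key does not weaken the T2 boot path because the key pinned in the immutable BootROM is Apple's, and each verified stage carries the key used for the next one) can be shown with a small model of a verified-boot chain. This is an added example, not Apple's code and not the design from the linked PDF: the keys, stage names and image bytes are hypothetical, and it uses Ed25519 over a SHA-256 digest in place of whatever the real chain uses. The signature covers both the stage payload and the next-stage public key, which is what stops an attacker from substituting their own key for the following stage.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Stage is one link in a modelled verified-boot chain. The signature covers
// the payload and the public key that will verify the next stage, so an
// attacker cannot swap the next-stage key without breaking the signature.
type Stage struct {
	Name      string
	Payload   []byte
	NextKey   ed25519.PublicKey // nil for the last stage
	Signature []byte
}

// stageDigest binds the payload and the next-stage key into one signed digest.
func stageDigest(payload []byte, next ed25519.PublicKey) []byte {
	h := sha256.New()
	h.Write(payload)
	h.Write(next) // empty for the final stage
	return h.Sum(nil)
}

// SignStage produces a stage signed by the holder of priv.
func SignStage(priv ed25519.PrivateKey, name string, payload []byte, next ed25519.PublicKey) Stage {
	return Stage{
		Name:      name,
		Payload:   payload,
		NextKey:   next,
		Signature: ed25519.Sign(priv, stageDigest(payload, next)),
	}
}

// VerifyChain walks the stages in order. root stands in for the key pinned in
// immutable ROM; each verified stage hands its NextKey to the next check.
// The vendor of a stage is irrelevant: only the pinned key decides.
func VerifyChain(root ed25519.PublicKey, stages []Stage) error {
	trusted := root
	for _, s := range stages {
		if !ed25519.Verify(trusted, stageDigest(s.Payload, s.NextKey), s.Signature) {
			return fmt.Errorf("%s: signature does not verify against the pinned key", s.Name)
		}
		trusted = s.NextKey
	}
	return nil
}

// Scenario builds a genuine two-stage chain, then tries to substitute a UEFI
// image signed with an unrelated key (the model's stand-in for a leaked
// third-party signing key). It reports whether each chain verified.
func Scenario() (genuineOK, forgedOK bool, err error) {
	// Hypothetical keys for the model; the real chain's keys are the vendor's.
	rootPub, rootPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return
	}
	uefiPub, uefiPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return
	}
	_, leakedPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return
	}

	// Constructed placeholder images; real ones would be firmware blobs.
	bridge := SignStage(rootPriv, "bridge firmware", []byte("t2-firmware-v1"), uefiPub)
	uefi := SignStage(uefiPriv, "UEFI image", []byte("uefi-rom-v1"), nil)
	genuineOK = VerifyChain(rootPub, []Stage{bridge, uefi}) == nil

	// Attacker re-signs a modified UEFI image with the unrelated key. The
	// bridge stage still verifies, but its pinned NextKey is not leakedPriv's
	// public half, so the substituted image is rejected.
	forged := SignStage(leakedPriv, "UEFI image", []byte("uefi-rom-backdoored"), nil)
	forgedOK = VerifyChain(rootPub, []Stage{bridge, forged}) == nil
	return
}

func main() {
	g, f, err := Scenario()
	if err != nil {
		panic(err)
	}
	fmt.Printf("genuine chain verifies: %v\nforged UEFI image accepted: %v\n", g, f)
}
```

The model deliberately makes the next-stage key part of the signed material; a chain that only signed the payload and read the next key from an unsigned header would let anyone who controls the image bytes redirect trust to their own key, which is the property the comment relies on the T2 not having.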



