Chromebooks give you full flashing & serial console access for both AP (main CPU) and EC over an SBU cable, run open source firmware on both AP and EC (modulo FSP/AGESA), even run open source firmware on the root of trust (you can't replace that one with an unsigned build on a retail device but you can study it for sure).
Apple silicon Macs have the main CPU cores fully in control, with zero external peripherals having full DMA access to system RAM (everything goes through IOMMU), and have an interesting secureboot architecture that allows different security levels on different OS installations (you can run unsecured Linux side-by-side with a fully Netflix-ready macOS).
I have much worse news about the typical Intel BootGuard'ed PC laptop.
Apple silicon Macs have the main CPU cores fully in control, with zero external peripherals having full DMA access to system RAM (everything goes through IOMMU), and have an interesting secureboot architecture that allows different security levels on different OS installations (you can run unsecured Linux side-by-side with a fully Netflix-ready macOS).
I have much worse news about the typical Intel BootGuard'ed PC laptop.