http://inertiawar.com/microcode/ suggests a variant of SHA1 or SHA2 with 2048-bit RSA. No doubt it's changed since the P6, probably with different private keys for each CPU model/family, but the public key must be present in the hardware in order to verify, so theoretically it could be extracted...

Edit: public key. There might be a test mode which bypasses this or something.