Well, since the Windows patch has very little effect on performance, even IN the workloads most affected, seems like if you simply avoid updating the firmware beyond any versions that were available prior to Nov 1, 2018, you can avoid 95% or more of the performance hit. No patch + firmware equals very little difference if any on the majority of systems. I think that's what I'm going to do since the consensus is that unless you allow exploitable malware to reside on your system there is zero risk of a side channel attack, and I have no plans to allow that, it makes little sense to intentionally cripple my system by installing the firmware at all.
I'd avoid the Windows 10 patch as well if I could, but obviously there is no way to avoid installing that AND continue to be able to install other updates. It's all or none in that regard, so I'll allow the update but avoid the firmware. Pretty doubtful at this point there will be any meaningful BIOS updates for my Z170 system that are unrelated to this patch anyhow, and any future ones will incorporate it, so for all intents and purposes this system is done getting firmware upgrades for the remainder of its lifetime.