by luma 3665 days ago
That is exactly my point. If you don't trust Intel, then who are you suggesting should build your processor? Unless you are going to design and fabricate your entire system top to bottom, and have no other persons involved who could surreptitiously insert evil code, then you're going to have to accept some degree of trust in a 3rd party.

It's not just Intel you're trusting, it's the OEMs, who also have an EXTREMELY poor record. Just take a look at the ENORMOUS number of BMC and auto-update vulnerabilities. They really just either couldn't care less, or are deliberately making machines vulnerable. Things are being pushed into IME that aren't optional, often aren't wanted by users (or snuck in there so they wouldn't know), don't all have to be there, can't be verifiably disabled or overridden by end users. Even if it weren't backdoored (unlikely), it presents an ENORMOUS attack surface at the very worst possible privilege level. Open source designs that are at least inspectable by researchers would be a start. But more importantly - allowing users to CHOOSE whether they want to override software (it IS after all software and not hardware). Why shouldn't we be permitted to run Libreboot etc. on modern hardware and know that when we turn a machine off, that it's off, without unplugging network, power cables, batteries, etc.?