[IshKebab]

Please. While no-doubt the NSA take advantage of this probably-insecure privileged processor, I seriously doubt they were behind it. Secure boot is an obvious business need and Intel and AMD clearly implemented it in the laziest way possible. And by laziest I mean: nobody is going to argue with you in a meeting if you say "we don't need to release the source code for this".

Seriously, anyone who has actually worked in a real company knows that it is a huge amount of effort to get source code released to the public, and if any of it is licensed from third parts it is probably near-impossible.

[kalenx]

We're not talking about secure boot, we're talking about Intel Management engine, which is a totally different story. You do not need ME at all to implement Secure Boot feature. Actually, no one really knows what Intel ME is doing, and _that_ is a huge problem.

[jackyinger]

Though I agree that there is a high likelihood that there is nefarious activity going on, I also ageee that there are legitimate uses for extra processors and firmware.

Take microcode for example. At one time (as I understand it) microcode was not a signed blob. However companies wishing to hide details of their microarchitecture chose to encrypt it.

My guess is that these encrypted blobs grew first out of corporate closed source culture, which is strong in HW companies. If they are subverted with actively malicious code it was probably by secretive efforts, not the NSA simply propositioning the HW manufacturer.

Finally I'd like to point out that unless you design your CPU chip yourself and oversee the layout of it on the die, it is also possible that the semiconductor manufacturer you hire could embed their own nefarious processor within your design.

In practicality, I think running RISC V on an FPGA would have a very low risk of subversion. Though the FPGA design tools might add nefarious logic too.

[tedunangst]

The businesses which pay extra for vpro know at least some of what ME is doing.