[qb45]

Unfortunately, a "management engine" with some degree of control over the CPU is necessary for, well, management. As in remote management, which is something that big corps with thousands of machines want, and the more control it gives the better.

The code itself is as secret as the code of any proprietary Windows-based remote administration tool they could supply as a poor man's substitute if the ME didn't exist. It's just how this industry works.

This doesn't indicate that there is anything "bad" going on. What is bad is that Intel, being the cheap bastards they are, combined this remote management and DRM, virtualization, TPM, CPU initialization and hell knows what else into one blob running on one MCU with no way to separate and disable the unneeded/unwanted/buggy/vulnerable garbage from actually useful functionality. And that such critical part is closed to third party scrutiny.

[throw2016]

This is a bit of a fig leaf. If it was just for enterprise users there would be no reason to impose it on everyone. It would be positioned as an enterprise exclusive with a price premium.

The fact that both AMD and ARM integrated similar technologies at around the same time is too much coincidence.

All the signs point to bad actors but for some the bar of evidence is either another Snowden level sacrifice or Intel providing a signed confession. Both improbable and unrealistic. In many ways the detail, scale and scope of revelations in the past 5-10 years make skepticism and hard questions essential. The benefit of doubt has long moved the other way. This alternative is a kind of forced naiveté and denial.

[duskwuff]

> The fact that both AMD and ARM integrated similar technologies at around the same time is too much coincidence.

Don't believe the FSF's FUD. TrustZone is really not comparable at all to Intel's Management Engine or AMD's Secure Processor:

* TrustZone is an operating mode of the CPU, not a separate processor. Fundamentally, it's not all that different from supervisor mode; it's just more privileged. (If you really wanted, you could probably write an OS that ran parts of the kernel in TrustZone.)

* You don't have to have anything running under TrustZone. Indeed, most processors which support TrustZone (e.g, most Android phones) aren't using it at all.

* The TrustZone specification is publicly available [1]. You can read about it all you want. (If you're brave enough and have the right development tools, you can even write code to run in it.)

* ARM's reference implementation of a TrustZone OS is also publicly available [2]. If you're curious how it works, you can see for yourself. (This doesn't include the application code which may be present in specific implementations, of course.)

[1]: https://www.arm.com/products/processors/technologies/trustzo...

[2]: https://github.com/ARM-software/arm-trusted-firmware

[qb45]

> Don't believe the FSF's FUD

Don't believe anti-FSF FUD. If you think they have an issue with TrustZone itself, as opposed to devices using it without owner's control, I'd love to see the links.

[snvzz]

>If you really wanted, you could probably write an OS that ran parts of the kernel in TrustZone.

https://genode.org/documentation/articles/trustzone

[qb45]

> If it was just for enterprise users there would be no reason to impose it on everyone. It would be positioned as an enterprise exclusive with a price premium.

AMT is positioned as enterprise exclusive with a price premium, that's how Intel's pricing usually works. The underlying hardware (the ME) is not, because it's used for other things too. On old chipsets you can clear the ME firmware and the computer will miss some weird features but otherwise work, on newer chipsets it won't work at all. That's why every chip has the ME even if many chips don't have the AMT.

> The fact that both AMD and ARM integrated similar technologies at around the same time is too much coincidence.

AMD: not coincidence, competition.

ARM: See the sibling post.

[kingosticks]

> AMD: not coincidence, competition

For the sake of argument more than anything, were AMD even remotely competitive with Intel in the enterprise sector at the time they introduced their version of this technology? Sure, they might need it one day (which may be soon) and it'd be nice to have it out there and supported, but I'm not totally convinced by this argument.

[admax88q]

You could achieve the same thing via virutalization.

Run a small OS first which has remote management capability, and then boot straight into a virutalized OS that the user uses.