[seanw444]

You could probably imagine the possibility of state actors and Intel, for example, conspiring to backdoor AES instructions of specific targets. Maybe possible with the IME. Not accusing them of this, but it's not out of the realm of possibility. The only things using the AES instructions are important data needing to be encrypted.

On the other hand, trying to backdoor XOR would give you an astronomically higher amount of white noise. Finding important data mixed in with all the other things a computer XORs would be much harder.

[fluoridation]

The CPU would "just" need to look at all executable pages to find binaries of common AES implementations, and when it finds one it could wait for the key to be loaded and then exfiltrate it. It could also detect (although at greater effort, possibly much greater) when you're using it to compile AES and inject spying code into the output, even if the target is a different architecture.

If the attacker has access to your computer, you've already lost. If the attacker built your computer, it was never even a fight.