I first learned of Intel’s Management Engine (ME) through my search for an open hardware laptop. A true open hardware portable computer is rare to come by. Purism’s hyperbolic Twitter feed also regularly reminds me that this is a thing. They’re running a petition to Intel to remove the ME.
So, what is this Management Engine? The best write-up that explains it in fairly layman’s terms is Damien Zammit’s write-up for Boing Boing.
The idea behind it is that there is a second, smaller CPU inside all recent Intel CPUs, put in place so that a company can centrally manage its deployed systems. The downside is that the ME is installed in those CPUs regardless of whether you work for a company that needs to manage that computer or not. Furthermore, the ME is very closed-source, so it’s un-auditable, and it’s baked into the processor. So, if an exploit is found for Intel’s ME, then every modern desktop computer is exposed at its most fundamental level.
And as a quick PS, AMD is flying under the radar here because AMD chips aren’t as common as Intel chips, despite their best effort. AMD’s Platform Security Processor (PSP) is pretty much the same thing.