Based on this thread, it looks as though this is no longer an issue: Intel had to make closing the ME back door possible (for the NSA…they want back doors everywhere else, but not in their own systems!) and Purism now fixes this vulnerability in its laptops. Re compiling everything for different hardware, the effort would be worth it if it were necessary (presumably the distro could still be based on Debian’s source packages, so it would probably be a time-consuming but relatively straightforward mission)…but in this case it just doesn’t seem to be necessary.