Quality post regarding Intel Management Engine threat

If you don’t trust Intel, don’t buy an Intel.

That’s simplifying things though because it is not solely a question of trusting Intel. It is also a question of trusting any entity that could exercise coercive power over Intel.

Besides, Intel can trivially add a backdoor without the ME - they can introduce something like another Spectre […] variant.

That’s not the whole story though.

For a start, this is never a strong argument: Don’t worry about problem X because there’s also problem Y.

But in any case, while it is true that, in any future CPU that you might buy, Intel could have baked a backdoor in silico (something like Spectre), they would not be able to do that retrospectively to your existing CPU - whereas all of the following are potential low level vulnerabilities for an existing CPU:

  • CPU microcode
  • Intel ME firmware
  • boot firmware (if not open source)

Anyone on this forum would always want to look closely at the first two bullet points (with the second bullet point being the one specifically relevant to this topic) because the third bullet point is considered “solved”.

The HAP bit clearly messes with Boot Guard policies, and no one knows what it actually does. It could mess up policy enforcement for all we know.

Well, indeed. This just serves to highlight what a problem the Intel ME is. The cure could (in theory) be worse than or better than the disease.

Intel hasn’t done itself any favours by making it “impossible” to reverse engineer the Intel ME firmware. It looks shifty. It makes it look as if they have something to hide. And of course for this forum, it is the antithesis of open source.


It is true that from a practical standpoint, you can ask the question: What is your realistic threat model?

But as a software engineer you can also ask that the system be provably secure by design - rather than relying on a “trust me”.

5 Likes

There’s also the at least theoretical possibility that all alternatives are even less trustworthy or have completely inadequate performance.