Why do Librem laptops ship with Manufacturing Mode enabled?

You got it wrong; this has nothing to do with the ME here, it's just one example of how to maintain persistence. Just as you can flash an ME-disabled firmware, you can flash an image with it enabled, or enable an old version of it with your own configuration. That is exactly what Intel-00086 is about.

Persistence is the key here. Nobody cares about an OS-level backdoor that you can wipe with an OS reinstall. If it were that simple, it wouldn't have been critical enough for Apple, for example, to roll it out as an urgent patch.

This doesn't make any sense from a security standpoint. It's the same as a vendor shipping a rooted Android device from the factory and claiming it was done to give the user more control and freedom, which it does, but it also opens a huge security hole most users are unaware of.

I disregard Pureboot because it's not something currently available, and it is not something that can help you in the case of an already tampered machine. Some people here don't know basic Linux commands and don't expect to have to be security experts to be secure; that's why they pay a very premium price for that "freedom". Just as any other premium vendor won't tell you there is a very technical PoC beta currently available, it's not something you can discuss now as a general solution. There is a concept called Trust On First Use, which Librem laptops cannot be said to satisfy at this point. Any other claim would be masking a security hole as a freedom or privacy "feature".

What is ironic is that a computer that is supposed to be more resistant to attacks because of a free BIOS and a clean ME is actually more prone to them in the first place because of this policy.