Intel Confirms Vulnerability In Intel AMT/ME

  • #21
    I've personally never understood why Intel's ME and AMD's PSP have to be on the CPU silicon itself. Couldn't they just be on the motherboard so that hardware vendors get to decide if they want to have those things on their boards and consumers could choose between boards with them and without them? When you have something that has access to literally everything on your machine and which the OS can't fight or detect if it's being exploited, then it's an issue even if exploiting it is merely a theoretical possibility. You don't have to be a security researcher to understand the danger of a single point of failure like this.

    Honestly, the only surprise here is that it took this long for someone to find and disclose a vulnerability in the ME. I'm not even surprised by the fact that Intel is trying to downplay this and claim it's only an enterprise thing when they know full well that the ME doesn't shut down after boot; it continues running and monitoring data coming and going in via ethernet regardless of you trying to shut it down.


  • #22
    The link to the Mitigation Guide doesn't work for me: "The page you requested has moved or doesn't exist. (Error 404)"


  • #23
    One issue here is that it is just far cheaper to implement in silicon. This is why I often express the opinion that the days of massive motherboards have passed. You actually have designers looking for new tech to put on a SoC. Not to be forgotten are the huge power savings.

    The problem with this sort of tech is that there is a class of user that really needs what AMT and similar tech provides. Unfortunately this means everybody gets the tech.

    The day will come when a high performance computer is nothing more than a cube 2 inches on a side. One only needs to look at cell phones to see what PCs will look like in 5 years.

    Originally posted by L_A_G View Post
    I've personally never understood why Intel's ME and AMD's PSP have to be on the CPU silicon itself. Couldn't they just be on the motherboard so that hardware vendors get to decide if they want to have those things on their boards and consumers could choose between boards with them and without them? When you have something that has access to literally everything on your machine and which the OS can't fight or detect if it's being exploited, then it's an issue even if exploiting it is merely a theoretical possibility. You don't have to be a security researcher to understand the danger of a single point of failure like this.

    Honestly, the only surprise here is that it took this long for someone to find and disclose a vulnerability in the ME. I'm not even surprised by the fact that Intel is trying to downplay this and claim it's only an enterprise thing when they know full well that the ME doesn't shut down after boot; it continues running and monitoring data coming and going in via ethernet regardless of you trying to shut it down.


  • #24
    Originally posted by microcode View Post
    Closed source custom Java ME and ThreadX blob probably maintained by interns, running all the time with unfettered access to every resource in the system even when the machine is turned off, integrated into almost every enterprise computer network in the world.

    What could possibly go wrong.

    So true, well said, logged in just to +1 this post!


  • #25
    Originally posted by wizard69 View Post
    One issue here is that it is just far cheaper to implement in silicon. This is why I often express the opinion that the days of massive motherboards have passed. You actually have designers looking for new tech to put on a SoC. Not to be forgotten are the huge power savings.

    Is it really that much more expensive to implement on the chipset? Because I don't think it would cause any increase to total system cost, size or power draw when chipsets are built using the same photolithography processes as CPUs.

    Originally posted by wizard69 View Post
    The problem with this sort of tech is that there is a class of user that really needs what AMT and similar tech provides. Unfortunately this means everybody gets the tech.

    The idea with placing it on the motherboard is that it will still give this tech to the people who actually want it. Servers still use purpose-built server boards, and enterprise desktops are generally their own product lines with parts like motherboards specific to them.

    Originally posted by wizard69 View Post
    The day will come when a high performance computer is nothing more than a cube 2 inches on a side. One only needs to look at cell phones to see what PCs will look like in 5 years.

    I'm pretty sure that time won't be coming any time soon... While small ARM-based chips have been getting more and more powerful, they've done so by just coming closer and closer to desktop and server CPUs in both transistor count and architecture. An ARM chip with performance comparable to an x86 chip is also going to be comparable in size and power draw. The only reason why their power draw hasn't increased as much as performance over the last few years is because of improvements in manufacturing techniques. However, gains in that area are becoming harder and harder to achieve; they've gotten pretty close to what you can do with silicon, and replacement materials are at least a decade away.


  • #26
    Originally posted by starshipeleven View Post
    A time will come when we need to attach a mini-firewall to the PC's ethernet port to filter out any unwanted bullshit trying to communicate with the hardware backdoor....

    Will setting up an RPi as a firewall/gateway on my wifi network ensure that this doesn't get outside this LAN?


  • #27
    Originally posted by wizard69 View Post
    The problem is Intel's attitude; they really need to be more forthcoming as to how all of this works and allow people access to the hardware for alternative implementations.

    Yes, if the feature was indeed intended as advertised I believe they would be more forthcoming, however:

    Originally posted by wizard69 View Post
    I say features because this fault was likely planted by the NSA. Seriously, throw somebody on Intel's development team a little money and you have your own surveillance channel into the hardware. I don't want to sound like "one of those guys" but I see a high probability that the security issue is a manufactured one.

    Yes, exactly. That is obviously the real purpose of this feature, so naturally they can't allow the user to control it or document it properly. Having side-channel access to your servers is very useful for administration, but it is critically important that the owner of the hardware have full ability to reconfigure or shut it down if wanted. It doesn't make sense for Intel to withhold this unless there is some underhanded intent such as opening backdoors to the NSA.


  • #28
    Originally posted by L_A_G View Post
    I've personally never understood why Intel's ME and AMD's PSP have to be on the CPU silicon itself. Couldn't they just be on the motherboard so that hardware vendors get to decide if they want to have those things on their boards and consumers could choose between boards with them and without them?

    That's the point: they don't want it to be an option. Likewise, why do they not allow the customer to reconfigure it, upload custom access keys and remove the defaults? Because then it wouldn't be a backdoor anymore; then it would only be a useful feature for the customer.


  • #29
    Originally posted by Staffan View Post
    That's the point: they don't want it to be an option. Likewise, why do they not allow the customer to reconfigure it, upload custom access keys and remove the defaults? Because then it wouldn't be a backdoor anymore; then it would only be a useful feature for the customer.

    Oh, so we're moving into tin foil hat and InfoWars territory here? I'd rather stay out of the realm of pure speculation and conspiracy theories myself...


  • #30
    Intel said this does not affect home computers, but what about the ThinkPads Lenovo sells? Mine has this thing, which I disabled last year as soon as I knew about it being in my T430.