Intel ME & hardware backdoor speculation

The shortest possible answer to this question for people who only like to skim a single sentence is that you should not concern yourself with Intel ME at all.


These posts themselves are a good example of the type of thing we are going to have to monitor much more closely going forward. You’re right that non-experts dismissing questions and posts as “FUD” simply because they don’t understand the question or aren’t personally concerned with the answer themselves does not facilitate constructive conversation.


What people consistently fail to realize is that the following two things can be true simultaneously:

  1. Intel ME is bad
  2. You should not disable Intel ME

The short-ish answer to your question is that you should not just “accept” Intel ME, AMD PSP, and mechanisms like them as a necessity, in the sense that you should demand change and seek out alternative products that do the same thing in a more secure manner. Intel ME has numerous and very well documented drawbacks and vulnerabilities. There is no reason that the security advantages that Intel ME does provide have to be part of an overall insecurely-implemented package. Intel could easily modularize these security components and implement them in a less lazy way, like Apple is doing with Apple Silicon for example.

However, you also should not go out of your way to modify an Intel or AMD product yourself with tools like “me_cleaner” that pose hugely significant security problems themselves. The risks of doing so far, far outweigh the risks that ME/PSP present to you. You are not a hardware security expert, and so you are not capable of effectively securing your hardware more than it is designed to be secure.

Two things can be true!
