
Do you have evidence otherwise?



Yeah, I do. Every system has tons of non-architectural cores for security, power management, and for other purposes. Apple advertises some of theirs as, for example, "secure enclave" and, on older Macs, the T1 and T2 security processor, which runs the proprietary closed-source BridgeOS and has unfettered access to everything on the system.


Which one of these cores performs the same functions and presents the same attack surface as the IME?


Closed source, so we can speculate (or try to reverse engineer/break it).


So at best we have cynicism / paranoia regarding Apple's T2.


By a 'zero trust' security philosophy, anything short of completely open source is inherently untrustable.

You may not be practicing that philosophy, but that doesn't make those who do "paranoid" any more than corporations implementing PCI-DSS controls.

Security does not work retroactively, only proactively.


That's all anyone has against IME, also. And BridgeOS isn't any more secure. There are tons of known flaws in it.


Part of it runs bridgeOS. The Secure Enclave runs something else altogether called sepOS.

https://support.apple.com/guide/security/secure-enclave-sec5...



