
> higher-privilege co-processors running code outside the main OS' control is becoming (or already is) the norm everywhere

There may be good arguments for allowing these types of "features" but this is not one of them. I'm so tired of seeing "it's fine because everyone else is doing it too".




The GP is not saying anything is fine.


Well, he kinda makes it sound like the fight is over and it is time to move on.


Quite the opposite. While IME is discussed to death, the same loss of control is happening everywhere and becoming more and more entrenched.

Like mentioned elsewhere in this thread, the problem isn't the presence of these types of components, but how opaque to the user (read: highly technical user) they are. Also they exist because there is demand for their features.

The talk I linked makes the case that OS development is failing by pretending these co-processors are outside its scope, and hardware vendors just go and do their own thing on the side. I add that this incentivizes proprietary firmware instead of an open one. I mean, if there were pressure (from paying customers) for Intel to support open-source IME firmware, they'd do it. After all, they just want to sell more chips.


We need more exploits of these co-processors running in the wild. This stuff is done in the name of security but is incredibly insecure by nature. We know e.g. the NSA requests builds with this stuff turned off, but if more govts are affected then fewer will put up with this, the markets can follow.



