>As long as there is a PSP on the system it cannot be fully controlled by the user, even if it's source code should be known.
Why can't you have self-signed PSP/ME firmware ? Why is this not similar to the way android handles bootloaders ? i.e., You either have OEM's keys in the chain, or you have your own. If your employer owns the machine, they do whatever they want. If you own the machine, you do whatever you want.
Why is it an illusion if you have the source ? You get the source, build it, sign it, and flash it. You can't verify that CPU will only accept your signed firmware and not something else under special circumstances, but you can't verify those sort of cases in hardware anyway. The CPU is a black box at the end of the day.
Edit: Disabling becomes a special case of flashing in this case. Actual hardware disabling will likely never happen because of all the people who use the functionality. The best you can hope for is flashing whatever you want (including nops)
There's nothing stopping a PSP/IME from waking up on a magic packet, executing code that doesn't exists in flash (say, it is cleverly crafted into what looks like dummy transistors used to ensure an equal metallization layer), downloading new firmware from a C&C server, and re-flashing itself.
If you want to actually own the hardware, you'd probably need a custom chip layout all done by hand on a planar node so it was easily verifiable by a third party with relatively inexpensive tools; things like dopant-level attacks assume access to the machine physically as far as I know.
If you assume that a fab could be hostile, you'd have to zero the foundry attack surface.
This hypothetical chip would be dog slow and uncompetitive, but by god, it'd be yours.
Why can't you have self-signed PSP/ME firmware ? Why is this not similar to the way android handles bootloaders ? i.e., You either have OEM's keys in the chain, or you have your own. If your employer owns the machine, they do whatever they want. If you own the machine, you do whatever you want.