This and their Minix backdoor are the reasons why I wanted an AMD for my laptop, but I was sad I couldn't find a high-end Thinkpad with AMD processor. I hope that will change next year.
I'm not blaming it on Minix, but it does make use of Minix. I'm mentioning it to identify what I'm talking about. I believe the official name is Intel Management Engine. Or maybe that's just part of it.
Possibly. The Intel version is better publicised. I have no idea what PSP can do, but Intel's IME makes it possible to remotely completely override anything about a PC, which can be convenient for sysadmins for large organisations, but hasn't been disabled for consumer products.
AMD supports KVM redirection, too, via a standard called DASH. You can see examples at https://community.amd.com/community/devgurus/dmtf-dash/blog. From the standard body's description: "DASH provides support for the redirection of KVM (Keyboard, Video and Mouse) and text consoles, as well as USB and media, and supports the management of software updates, BIOS (Basic Input Output System), batteries, NIC (Network Interface Card), MAC and IP addresses, as well as DNS and DHCP configuration. DASH specifications also address operating system status, opaque data management, and more."https://www.dmtf.org/standards/dash
The extensive research on the ME I actually conside a pro for Intel, since I know more about what it does and how to disable it. The PSP is still more of a black box.
It's still a security risk – code is running in the ME that can be exploited locally.
Without vPro or with remote management and the network stack turned off there's a much smaller (probably close to zero) remote attack surface. With a vPro-capable chipset that has remote management enabled, the ME has its own IP address, plenty of potentially unsafe services, an insecure-by-default provisioning mechanism and much more.
