The game changed fundamentally with the introduction of the Intel Management Engine (or the AMD Platform Security Processor) on the x86 platform. The system is now "deep pwned" as described in point 3.1.1 of the article. The manufacturer has ultimate control of the platform, the user has been disowned.
The article is much larger than CPU-level access and control. It discusses high-level issues worth thinking about, such as communications and social elements.
The article lacks any real actionable advice to date it too much. When will it be out of vogue to suggest reading 1984 to aid in 'anticipation'?
But the value of the article aside, your language ('dated') made me interested in finding out when ME was first introduced, and I was having trouble finding any concrete dates of introduction.
A lot of your links and their references date around 2015+, yet the authors of your linked book worked at Intel around 2007 and failed to discuss introduction dates.
Then I found this at the libreboot FAQ, which states ME was introduced into all Intel chips 2006+(o), with the real issues after implementations dating after ~2009+.
Also in my search I found some promising leads on overcoming the ME issue:
What an unfortunate and reason defying battleground
But at the fundamental level the battle is lost: you will never own your (x86-based) PC as long as there is an IME/PSP in it.
Concerning the introduction of the IME/PSP, it says already in the first link that I provided: "All post-2013 (AMD) and virtually all post-2009 (Intel) systems".
I think we are very far from neutralizing the IME. Earlier implementations can be manipulated to some degree (not "neutralized" though), but recent versions are rather foolproof.
The book is written by one of the engineers of the IME. While it might not discuss introduction dates it discusses pretty much everything else and is THE reference when studying the IME :)
There's work in progress on removing the ME blob on the Thinkpad x220 and the Librem 13.
But for most modern systems, yes, you're right.
While it is possible to mess around with older implementations of the IME it is pretty much impossible with recent versions. It sits now on the CPU die and is inaccessible.
And that only removes the ME blob in the system's flash memory. The ME also has its own internal ROM, which contains firmware that cannot be altered or read.
Unless you've inspected the silicon on your CPU, then you are inevitably trusting the manufacturer of the chip to some extent.
What new threat model does the Intel ME add?
But the IME/PSP is intentionally and officially implementing an architecture which ensures that the manufacturer has ultimate control over the platform, and can run any code it pleases at any time on your computer. It runs at the deepest level (below OS, BIOS, VT-d, SMM), and has maximum privileges on the platform. It runs all the time, even when you have your computer switched off.
Have a look at Intel Anti-Theft Technology for example.
It utilizes the IME. It shows that the IME is able to completely take control away from you. It can be triggered while the computer is switched off by sending it a specific packet over a 3G network. And while activated you cannot switch it on anymore, and it does whatever it pleases, like continuously sending location data to Intel servers across whatever network it manages to get hold of. Nothing you could do about it.
Less spectacular is the problem that CoreBoot/LibreBoot are facing. It is not possible to install the firmware you wish, because the IME is more powerful than you on the platform and does not allow you to do so.
So you have a second computer sitting inside your computer which has full access to your resources and the manufacturer is controlling what it is doing.
So while we were maybe speculating about trusting the CPU manufacturer before, now we have no choice anymore. We have to trust him; he is the boss on the platform.
All that's changed is that they are implementing functions which make it obvious that this is possible.
And it has also changed in the sense that the IME is a full-fledged autonomous universal computer which has its own RAM, ROM, clock etc. It is not just some very specific chip with hard-coded functionality; no, it can e.g. load and run Java applets. So it is a very powerful moving target which can be used for whatever it is programmed to do. Rootkit researcher Joanna Rutkowska called it the perfect rootkitting infrastructure.
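A defender's first question after reading the above is usually "is the ME present and in what state on this box?". The following is an added example, not code from the thread or from Intel: on Linux it checks whether the ME host interface (MEI/HECI) PCI device exists and decodes its HFSTS1 status register. Assumptions: the MEI device lives at PCI 0000:00:16.0, HFSTS1 is at config-space offset 0x40, and the bit layout follows coreboot's `me_hfs` struct as I recall it; reading offsets above 0x3F from sysfs needs root.

```python
import struct
from typing import Optional

MEI_SYSFS = "/sys/bus/pci/devices/0000:00:16.0"  # assumed MEI/HECI location
HFSTS1_OFFSET = 0x40                              # assumed register offset

# Field values as in coreboot's me_hfs definition (assumption, from memory).
WORKING_STATES = {0: "reset", 1: "init", 2: "recovery", 5: "normal",
                  6: "wait", 7: "transition", 8: "invalid"}
OPERATION_MODES = {0: "normal", 2: "debug", 3: "soft temporary disable",
                   4: "security override (jumper)",
                   5: "security override (MEI message)"}

def decode_hfsts1(value: int) -> dict:
    """Split a raw 32-bit HFSTS1 word into the fields a defender cares about."""
    return {
        "working_state": WORKING_STATES.get(value & 0xF, f"unknown({value & 0xF})"),
        "manufacturing_mode": bool((value >> 4) & 1),   # should be False in the field
        "fpt_bad": bool((value >> 5) & 1),
        "fw_init_complete": bool((value >> 9) & 1),
        "error_code": (value >> 12) & 0xF,
        "operation_mode": OPERATION_MODES.get((value >> 16) & 0xF,
                                              f"unknown({(value >> 16) & 0xF})"),
    }

def mei_present(sysfs_dir: str = MEI_SYSFS) -> bool:
    """True if a PCI device exists at the assumed MEI slot with Intel's vendor ID."""
    try:
        with open(f"{sysfs_dir}/vendor") as f:
            return f.read().strip().lower() == "0x8086"
    except OSError:
        return False

def read_hfsts1(sysfs_dir: str = MEI_SYSFS) -> Optional[int]:
    """Read HFSTS1 from sysfs PCI config space; None if absent or unreadable."""
    try:
        with open(f"{sysfs_dir}/config", "rb") as f:
            f.seek(HFSTS1_OFFSET)
            raw = f.read(4)
    except OSError:
        return None
    if len(raw) < 4:          # non-root reads stop at 64 bytes
        return None
    return struct.unpack("<I", raw)[0]

if __name__ == "__main__":
    if not mei_present():
        print("no MEI device at", MEI_SYSFS)
    else:
        word = read_hfsts1()
        print("HFSTS1 unreadable (try as root)" if word is None
              else decode_hfsts1(word))
```

A working state of "normal" with operation mode "normal" means the ME is fully up; on systems where the blob was altered as discussed in this thread, the operation mode typically reads as a disable or override state instead.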
I have heard that this only works over the built-in network interface, so perhaps it can be defeated by installing a separate network card and not hooking up the built-in card? Anyone care to comment on whether that is an effective mitigation?