Then, I see Intel offer vPro/AMT with a networked, DMA'd microcontroller that listens for remote requests when the system is powered off and can bypass all security without host monitoring. Told everyone that would listen "There's the backdoor. They even said it publicly with different words but it's definitely rigged with a "un-avoidable flaw" with remote access. Or 0-days in rushed, complex firmware." Some security people here argued endlessly on some threads over whether the rand instruction was weakened for NSA on a chip with publicly-advertised, remote access to internal state. I mostly threw my hands up on the topic recommending PPC and SPARC most of the time with their Open Firmware if not custom stuff. Do embedded boards for management since they're cheap and can be isolated.