As it currently stands, Joanna herself has found Intel ME to be a depressing[1] situation[2]. This was in fact a change of heart, compared to her earlier views[3].
Fortunately, neutralising parts of the ME is now possible. For this reason, obtaining a Qubes hardware certification[4] makes it mandatory. So this is currently the ideal choice.
Unfortunately, this choice is also limiting. A highlight for example are the Framework laptops, where the manufacturer still has not agreed to prioritise free firmware, despite years of persistence[5] from their potential customers and broader community.
On the other hand, there is the choice for an AMD processor. Their equivalent of ME is called PSP. As of 2023, security researchers such as Christian Werling[6], Alexander Eichner and Robert Buhren[7] have reported that PSP is lacking a network stack and as such, it doesn’t represent a priority for similar efforts to neutralise it. But at the same time, the maintainer of the Coreboot fork Libreboot seems to express equal concern[8] for PSP as she does for ME; while indeed she mentions the existence of a built-in network interface only in the case of ME, she does say that PSP has access to the standalone network controller, if one is present on the system. However, this does not have equivalent implications for security; comments are welcomed.
In any case, AMD comes with unique and definitive issues. First, as Qubes themselves emphasise[9], AMD is significantly less efficient than Intel regarding microcode updates, which in fact introduces new security risks. Notably, the user depends on hardware vendors (rather than on AMD alone) to eventually distribute the required update.
Secondly, on multiple online forums there are generic reports of “bugs” and “instability” on various systems (not necessarily Qubes OS) running AMD, which seem to be attributed to a lower standard in the manufacturing process, but also to less support at the software level. Without direct experience, it’s difficult for me to know the extent of those issues and their relevance. This is another point where I hope the community is able to provide clarity.
Finally, it should be noted that AMD also offers a cost advantage.
I hope to hear opinions on the accuracy of this assessment, in particular regarding any omission of relevant variables. As previously mentioned, a comparison between the usability of AMD vs. Intel would be valuable, with a particular focus on being specific (e.g. when using Qubes, are rare and brief system freezes to be expected, or more likely regular crashes?). But most importantly, how do standard Intel ME and standard AMD PSP actually compare, from a security point of view?
Thank you
Intel x86 considered harmful (new paper) | The Invisible Things Blog
https://blog.invisiblethings.org/papers/2015/x86_harmful.pdf
More Thoughts on CPU backdoors | The Invisible Things Blog
[RESPONDED] Coreboot on the Framework Laptop - Framework Laptop 13 - Framework Community
Question, regarding psp, · Issue #54 · PSPReverse/PSPTool · GitHub
Libreboot – Frequently Asked Questions about Libreboot firmware