Core boot new motherboards

By the way, if you would like to avoid ME entirely - there are still AMD options. The latest AMD-without-PSP is significantly more powerful than the latest Intel-without-ME - and there are AMD platforms supported by the open-source coreboot BIOS. Actually, we have been discussing one of them - Lenovo G505S - here: "Lenovo G505s - #5 by mike_banon". Quad-core CPU, 16GB RAM, no PSP, works fine with Qubes (i.e. because IOMMU is functional with coreboot), and thanks to coreboot you can be sure there are no backdoors in BIOS.

  • If you would like an AMD-no-PSP coreboot-supported desktop, there are the similar-by-privacy-level ASUS A88XM-E (MicroATX, uses A10-6800K/A10-6700 CPU, working IOMMU) and ASUS AM1I-A (MiniITX with Athlon 5370/5350, but sadly the AM1I-A platform doesn’t have IOMMU, which is important for Qubes).

  • If you would like a server, there is an awesome ASUS KGPE-D16, which can even be libreboot’ed (a higher level of freedom than coreboot - can run without ANY closed-source binaries at all), and can host up to 2 x 16-core Opterons like 6386SE and 192GB of RAM.

Our 3mdeb company has been working hard on bringing ASUS KGPE-D16 back to coreboot - see "Thoughts dereferenced from the scratchpad noise. | KGPE-D16 open-source firmware status" (1 year old, the things are better now) and the Dasharo firmware ROMs here - "Releases - Dasharo Universe".

Not necessarily, because the ME/PSP provide remote access capabilities by design and have security holes which could be exploited. Btw, even the proprietary BIOS/UEFI can pose such a threat - see Computrace, BadBIOS, etc.

Therefore the open-source coreboot firmware, as well as the no-ME/no-PSP platforms supporting it (examples above), are really important for the truly secure computing that people are trying to achieve there with QubesOS, but which isn’t enough on its own…
