> anyone using new chips that use Intel ME (or AMD's equivalent) has a gaping hole in their security that no OS can patch
Not really; anyone using chips with Intel ME or AMD PSP has an additional large binary blob running on their system which may or may not contain bugs or backdoors (of course, also realizing a sufficiently bad bug is indistinguishable from a backdoor).
There are tens to hundreds of such blobs running on almost any modern system and these are just one example. I would argue that ME and PSP are not the worst blob on many systems; they have both unsupported but almost certainly effective (MEcleaner / ME code removal), supported and almost certainly effective (HAP bit), or supported and likely effective (ME / PSP disable command) mechanisms to disable their functionality, and they are comparatively well-documented versus the firmware that runs on every other peripheral (networking, GPU, etc.) and comparatively hardened versus EFI.
Yeah, this lives in the back of my mind too. I run Debian on 11th gen Intel, but with the non-free blobs included to make life easier. I've been meaning to try it without them, but it's too tempting to just get things 'up' instead of hacking on it.
There's little we can do about it short of running ancient libreboot computers. We'll never be truly free until we have the technology to manufacture free computer chips at home, just like we can make free software at home.
ASML fabs in every basement when?
I think riskV is as close to an open source CPU as we have at the moment; unfortunately most riskV CPUs rely on the company having IP that is protected, like the CPU layout or the core architecture, as far as I understand modern CPU design.
RISKV has been a great step forward and I'd love to see it succeed, but I'm also aware of the lack of open source architecture for GPUs or AI accelerators.
RISC-V* (Reduced Instruction Set Computing, 5th incarnation)
And sure, companies can choose not to share chip designs, but if you want an open-design CPU then you should be checking for that specifically and not just filtering by ISA. There exist such chips already, and I expect they'll catch up with AArch64 chips (in terms of being able to run desktop Linux) in <10 years, given the specs already include SIMD and the high-end chips have clock rates comparable to the oldest Windows-on-ARM laptops, like the 1st-gen Surface.