Two bits surprised me.

First, Intel is apparently collecting telemetry underneath the OS?

   "The ITH can trace different internal hardware component (VIA - Visualization of Internal Signals, ODLA - On-chip logic analyzer, SoCHAP - SOC performance counters, IPT - Intel Process Trace, AET - Intel Architecture Trace), and external component like CSME, the UEFI firmware, and you can even connect it to ETW. *This telemetry eventually finds its way to Intel in various methods*."

The second is the nested complexity. The sheer quantity of stuff running before the bootloader is staggering. How is it possible to secure these nested trees of computers-in-computers?