Intel decided they have the right to put a whole secret computer inside your computer that only they can access. God knows what it does when no one is watching.
That's the problem you should discuss, not this particular exploit.
Having a "management engine" with direct access to the network and to memory is questionable in itself. Its code being secret indicates there's probably something bad going on. If it only does what Intel says it does, it doesn't need to be secret.
Unfortunately, a "management engine" with some degree of control over the CPU is necessary for, well, management. As in remote management, which is something that big corps with thousands of machines want, and the more control it gives the better.
The code itself is as secret as the code of any proprietary Windows-based remote administration tool they could supply as a poor man's substitute if the ME didn't exist. It's just how this industry works.
This doesn't indicate that there is anything "bad" going on. What is bad is that Intel, being the cheap bastards they are, combined this remote management and DRM, virtualization, TPM, CPU initialization and hell knows what else into one blob running on one MCU with no way to separate and disable the unneeded/unwanted/buggy/vulnerable garbage from actually useful functionality. And that such a critical part is closed to third-party scrutiny.
This is a bit of a fig leaf. If it was just for enterprise users there would be no reason to impose it on everyone. It would be positioned as an enterprise exclusive with a price premium.
The fact that both AMD and ARM integrated similar technologies at around the same time is too much coincidence.
All the signs point to bad actors but for some the bar of evidence is either another Snowden level sacrifice or Intel providing a signed confession. Both improbable and unrealistic. In many ways the detail, scale and scope of revelations in the past 5-10 years make skepticism and hard questions essential. The benefit of doubt has long moved the other way. This alternative is a kind of forced naiveté and denial.
Don't believe the FSF's FUD. TrustZone is really not comparable at all to Intel's Management Engine or AMD's Secure Processor:
* TrustZone is an operating mode of the CPU, not a separate processor. Fundamentally, it's not all that different from supervisor mode; it's just more privileged. (If you really wanted, you could probably write an OS that ran parts of the kernel in TrustZone.)
* You don't have to have anything running under TrustZone. Indeed, most processors which support TrustZone (e.g., most Android phones) aren't using it at all.
* The TrustZone specification is publicly available [1]. You can read about it all you want. (If you're brave enough and have the right development tools, you can even write code to run in it.)
* ARM's reference implementation of a TrustZone OS is also publicly available [2]. If you're curious how it works, you can see for yourself. (This doesn't include the application code which may be present in specific implementations, of course.)
[1]: https://www.arm.com/products/processors/technologies/trustzo...