At least Intel ME is actually in the PCH, so it's theoretically possible to bring up an Intel CPU without it by developing a replacement chip but from what I understand the PSP is integrated into AMD CPUs so there would be no way to develop a replacement. Both have had a lot of vulnerabilities though and there's been some success in partially disabling ME, nothing that I know of on PSP though. There have been plenty of vulnerabilities in both, so I wouldn't say it's hopeless even if ME did get chip integrated.

I'm not sure why you think the government has anything to do with it though. I don't know what motivated them but I would suspect DRM lobbies first.

Technically yes, you were right, there is a chance for us to intercept the communication between PCH and the Intel CPU then reverse engineer the protocol or even directly RE the PCH chip and create a substitute. But how practical, I don't really know. Firstly, the effort required is beyond most people can afford IMO. Put those cost/effort etc. aside, there might some undocumented CPU features actually need ME to work and if I were the designer, I would at least use signed if not encrypted payload, then make the RE process much less likely.

Regarding why I was thinking the government(s) involve in it, actually it quite natural. At the very beginning, I would say it might be for IT management purpose only, and soon someone just like you mentioned DRM etc. get added to it. And I don't see a reason why government(s) don't see the value of it and would not want to get in as there is nothing better for large scale surveillance: built-in with almost every single machine, have access to virtually everything on the machine, powerful enough to do what ever they might want to do and most importantly, most people have no idea about it and even if someone like us happen to know it but nonetheless, we still almost absolutely have no way to remove it or at least disable it.

I'm sure states have an interest in these backdoors but I don't know of evidnece they're directly involved with it yet. It would be a natural fit as you say of course.

> Technically yes, you were right, there is a chance for us to intercept the communication between PCH and the Intel CPU then reverse engineer the protocol or even directly RE the PCH chip and create a substitute. But how practical, I don't really know. Firstly, the effort required is beyond most people can afford IMO. Put those cost/effort etc. aside, there might some undocumented CPU features actually need ME to work and if I were the designer, I would at least use signed if not encrypted payload, then make the RE process much less likely.

Well, yes, but I see this more as a project that would show up at DEFCON as a hack or maybe something commissioned by System76, Purism, Raptor, Pine or one of these companies.

You can't bring up an Intel CPU when BootGuard is enabled, only Intel-signed firmware works for those.

Has anyone reverse engineered the link between the CPU and the PCH? I think it’s called DMI.