Anything that you connect to the system bus can compromise the system.
Of course, ME has easier time doing that. But any ROM you can't inspect, any binary blob you load can do that.
I suppose that if you want this level of impenetrability, you have to go with everything custom. Could your memory controller scheme against you and alter RAM contents when a backdoor pattern is encountered? Do you trust IBM to not put a backdoor or a kill switch in your POWER9?
Implement your CPU, memory, bus, and disk controllers, NIC logic, etc, in FPGA. Build your own RAM with controllers you program, don't trust DIMM manufacturers. Write your own or adopt open booting software, same with firmware for the peripheral devices.
You'll get a very high security computer where a backdoor has basically nowhere to hide.
Of course, ME has easier time doing that. But any ROM you can't inspect, any binary blob you load can do that.
I suppose that if you want this level of impenetrability, you have to go with everything custom. Could your memory controller scheme against you and alter RAM contents when a backdoor pattern is encountered? Do you trust IBM to not put a backdoor or a kill switch in your POWER9?
Implement your CPU, memory, bus, and disk controllers, NIC logic, etc, in FPGA. Build your own RAM with controllers you program, don't trust DIMM manufacturers. Write your own or adopt open booting software, same with firmware for the peripheral devices.
You'll get a very high security computer where a backdoor has basically nowhere to hide.
Alas, it won't fit the restrictions of a laptop.