It's not the largest, but against advanced targets who have a chance of detecting other attack vectors, it's a realistic threat. "We don't need this kind of security" is probably true for specific (and even broad) definitions of "we", but it's not universally true and it's not an argument for the technology not existing. Like I said elsewhere, I'm not convinced that the way it's currently being deployed provides anywhere near enough extra security to justify the loss of owner control, but we shouldn't conclude that it means this technology has no legitimate use cases.
> If you're a journalist or an activist dealing with governments that have a track record of targeting people like you, it should probably be part of your threat model.
But considering what we know about the NSA, at least Intel's Management Engine is likely backdoored. So any anti-USA journalist/activist has probably to worry about that too. And an even bigger threat is industrial and diplomatic espionage of non-USA companies and countries using these processors.
(Also could be extrapolated to other countries' secret agencies for potential Huawei, Russian processors, if those ever get popular, like Huawei's control over EU's telecommunications.)
With we don't need that kind of security I was talking about average home computer user (the one for which the personal computer was created!) that buys a computer to use it for normal everyday tasks.
There are situations where that kind of security is required, of course, but they are not something that you should worry about if you use the computer to watch YouTube videos and thus I don't think that makes any sense at all to be present on a consumer PC.
Then I believe it prudent to make such security optional. But enforcing secure boot to me is currently a Microsoft DRM feature, despite the otherwise sensible security consideration that went into the development of it.
Especially if you extend features like remote attestation, it is more about user control than user security.
