That's why the OS should check to make sure the ME is still disabled and not boot otherwise, or signature check it somehow, create a hardware indicator, etc. But then there's still the hard drive firmware and who knows what else.
Still, this is upping the bar quite a bit if you're security conscious. In security all you can do is make the attackers' lives harder; you can't foolproof it.
Plus they mentioned two different open source tools to disable it yourself (via software, not hardware as they do here). So you can buy a laptop with cash off Craigslist and do it yourself if you're super paranoid.
"But then there's still the hard drive firmware and who knows what else."
Graphics card blobs, Wi-Fi card blobs, etc. Just about every vital subsystem on a modern PC/phone/tablet etc. has been compromised by design through closed device drivers, so that someone with enough skills and access to that information (such as some 3-letter agencies) can create a sort of covert channel where data can be computed, read or stored and transmitted without any means of intercepting that by any applications, because every part it's going to pass through contains some closed code that can be instructed to encrypt and tunnel the data from one place to another.
This came to mind years ago when I was struggling with a network card requiring a firmware blob that refused to load. I started wondering why they were making things so complicated for users and admins by keeping drivers closed; that blob could have contained just about every possible malware in existence and I would never have noticed it. Then I had a flash: disk drives also contain closed firmware, and video cards too. I recall having thought "heh, if they had a blob in the CPU as well they could close the circle and build a system where they can move information inside the machine or receive/transmit it from/to the external world completely unbeknown to the user." Then years later I read about Intel ME and got a thousand flashes because I almost saw that coming.
To me there is no such thing as a trustworthy system anywhere in the world, at least not until every single line of its software, firmware and hardware has been opened for public scrutiny. There is too much at stake, and surveillance is a damn rich business both for companies and people in power.
I think you may be interested in the development of a stateless laptop [1] by Joanna Rutkowska. They are trying to prevent any data storage outside of the user's knowledge and control.