"It has recently come to my attention that many in the free software
movement are unaware of a relatively new development on x86 platforms
that permanently removes the ability to use these platforms without also
continually executing signed, proprietary code at the highest possible
privilege level. All post-2013 (AMD) and virtually all post-2009
(Intel) systems contain this mandatory technology, and therefore, by
design, can never be converted to run using pure FOSS.
These signed, proprietary, binary-only firmware blobs must
execute on the service processor(s) before the main x86 CPU cores are
even released from reset (AMD), or will hard reset the entire system
after around 30 minutes of non-operation (Intel). These blobs continue
to operate on the service processor(s) as long as the system is powered
on, and in the case of the Intel ME they also continue to operate while
the system is powered off but still has access to power (e.g. plugged in
or charged battery attached). These service processors have full
access to system memory and all system peripherals, effectively giving
the binary blobs executing on them a higher privilege level than even
the operating system kernel. Due to the ability to access system
peripherals, these proprietary blobs could easily contain code to
exfiltrate encryption keys, remotely activate microphones and cameras,
plant unwanted data, or simply remotely disable the ability of the
machine to boot FOSS operating systems entirely. Finally, the Intel ME
firmware can be forcibly updated by a remote entity; it is unknown
whether the AMD PSP contains similar functionality at this time."
http://mail.fsfeurope.org/pipermail/discussion/2016-April/010912.html