The scenario that Intel system architects, engineers, and security specialists perhaps feared most is now a reality. A vulnerability has been found in the ROM of the Intel Converged Security and Management Engine (CSME).
http://blog.ptsecurity.com/2020/03/intelx86-root-of-trust-loss-of-trust.html
http://blog.ptsecurity.com/2020/03/intelx86-root-of-trust-loss-of-trust.html