Operating Systems in Chips vs. Secure, Auditable OSes

4 days ago 3

Beneath the surface of nearly every modern computer lies a hidden threat—one most users never see or control. Today’s Intel and AMD processors ship with embedded subsystems like the Intel Management Engine (ME) and AMD’s Platform Security Processor (PSP)—proprietary, low-level firmware environments that operate outside and below your main operating system.

These subsystems have privileged access to your computer’s memory, peripherals, network interfaces—potentially even when the device is idle or powered off but plugged in. This means they can bypass traditional software defenses like antivirus, firewalls, and even OS-level encryption. Once compromised, they offer nation-state attackers a stealth foothold deep within your system.

Security researchers and whistleblowers have long raised red flags:

The Intel ME includes undocumented features that can run while your computer is “off.” In 2017, a critical vulnerability (Intel-SA-00086) revealed that attackers could take full control over ME, undetected, for nearly a decade.

The Shadow Brokers leak, attributed to stolen NSA tools, exposed how U.S. intelligence agencies exploit UEFI and ME firmware to deploy persistent implants. Chinese APT groups have also been linked to firmware-level attacks exploiting BIOS and ME for stealth surveillance.

These attacks leave no trace in standard logs and cannot be mitigated by typical software updates or security tools. They represent a systemic, invisible threat vector—one that few manufacturers are willing to confront directly.

While no vendor using x86 hardware can eliminate ME or PSP entirely, Purism actively disables or neutralizes these subsystems where possible—and goes further than most competitors in doing so. More importantly, Purism doesn’t pretend these threats don’t exist.

Instead of relying on security through obscurity, Purism builds transparency into every layer of the stack:

PureOS, a Debian-based free and open source Linux OS, is readily auditable. There are no backdoors, no hidden telemetry, and no baked-in data mining.
The Management Engine in Intel devices is disabled to the extent possible.
In the case of the Librem 5 smartphone, there is no Intel ME or AMD PSP at all—offering a truly transparent architecture.

If the foundation of your digital life is compromised at the silicon level, nothing else—no app, no VPN, no encryption—can save you. That’s why Purism’s approach of radical transparency and open development is the only meaningful defense in an age of invisible surveillance.

Purism isn’t just building devices. We’re building pressure—from the outside in—to reform an industry that has become dangerously comfortable with secrecy at the deepest levels of computing.

Choose openness. Choose control. Choose PureOS.

Learn more at puri.sm.