100%
GRIMOIRE
GrimoireDindon CorpusSynthesis VolumesThe Foundation of Iron
FRENAR
RATIO
STRUCTURAL STUDY · OPÉRATION DINDON · JUNE 2026
◆◆◆
THE MATERIAL
BLACK BOX
Intel Management Engine · AMD Platform Security Processor
Lock-In at the Silicon Level
◆ THE THESIS

The organisation that believes it has freed itself from cloud by buying bare-metal but runs on Intel or AMD silicon with unauditable proprietary firmware has solved a software dependency problem to fall into a potentially deeper hardware dependency problem. Hyperscaler lock-in is at the software level. Hardware lock-in is at the silicon level. This study documents the second dimension of the material layer: the hidden processors in every server, their nature, and what they mean for sovereignty.

◆◆◆
INTEL ME
Since
2008
AMD PSP
Since
2013
WATERMARK
RATIO
Amine RAITI — Infrastructure Architect & SRE
Former engineering school professor · Teaching since 2006
Public document · CC BY-NC-SA 4.0 · Opération Dindon · June 2026
RATIO
1
SECTION 1 · THE INTEL MANAGEMENT ENGINE — THE SECOND COMPUTER IN THE SERVER
EVERY INTEL PROCESSOR CONTAINS AN INDEPENDENT COMPUTER LINUX DOES NOT CONTROL

Since 2008, every Intel processor integrates a subsystem called the Intel Management Engine (IME). This is not an optional feature. Not an external component. It is a secondary processor etched into the main CPU die, with its own firmware, its own operating system (MINIX 3), and its own access to memory, network and storage.

◆ WHAT THE INTEL MANAGEMENT ENGINE DOES

The IME was designed for remote enterprise server management — allowing a sysadmin to restart, reconfigure or diagnose a server without being physically present. This function is legitimate and useful. What is problematic is its architecture:

It runs independently of the OS: Linux, Windows, BSD — no operating system controls the IME. It runs below the kernel level. It is invisible to standard audit tools.

It functions when the server is "off": as long as the server is powered (even in deep standby), the IME is active. It can receive network instructions and execute them without the main OS being started.

It has independent network access: the IME can communicate on the network via channels distinct from those used by the OS. On some motherboards it has its own dedicated network port.

Its firmware is proprietary: Intel does not publish the IME firmware source code. It cannot be audited or easily replaced. Partial disabling attempts exist (me_cleaner) but are not guaranteed complete.

◆ AMD PLATFORM SECURITY PROCESSOR — THE SAME PROBLEM ON AMD SIDE

Since 2013, AMD processors integrate the Platform Security Processor (PSP) — also called AMD Secure Technology. It is based on an ARM Cortex-A5 architecture, has proprietary firmware, and similar functions to the IME: pre-OS execution, memory access, hardware-level security management.

AMD has published more technical specifications than Intel on this component, but the firmware remains proprietary and not fully auditable. The coreboot community is working on alternative implementations but coverage is partial.

RATIO
2
SECTION 2 · WHAT THE MATERIAL BLACK BOX MEANS FOR SOVEREIGNTY
BUYING BARE-METAL WITHOUT MASTERING IME/PSP — RELOCATING THE LOCK-IN
◆ THE FIRMWARE JURISDICTION CHAIN

The Intel IME firmware is developed and distributed by Intel Corporation, headquartered in Santa Clara, California. Firmware updates are cryptographically signed by Intel. They are distributed via the motherboard manufacturer's update channels (Dell, HP, Lenovo, Supermicro) which incorporate them into their own BIOS/UEFI updates.

This firmware is subject to US law. It is subject to National Security Letters. It is subject to the CLOUD Act in its dimension of information system control. An organisation running sensitive data on Intel servers believing it has freed itself from US cloud is in fact running that data on unauditable US firmware.

This is not speculation. It is the logical consequence of IME architecture and US law as documented in Terms Under the Microscope.

◆ WHAT THE SRE CANNOT DO WITH THE IME

An experienced Linux administrator has access to everything: kernel, drivers, logs, hardware metrics, system calls. They can audit virtually any layer of the system. The IME is the exception — the layer that escapes their technical authority.

They cannot read IME logs without special (and partial) tools. They cannot inspect IME network traffic with tcpdump — the IME operates below the network interface. They cannot disable the IME without risking destabilising the server (some BIOS functions depend on IME). They cannot verify IME firmware integrity with standard audit tools.

The Technical Primacy documented in the corpus stops at the IME's surface. Below: proprietary terra incognita.

◆ THE PARTIAL ANSWERS THAT EXIST

Coreboot: open-source alternative firmware for BIOS/UEFI, supported on a limited number of motherboards. Can reduce IME exposure without eliminating it completely.

me_cleaner: tool attempting to neutralise non-essential IME modules. Partial results, destabilisation risks, not officially supported.

RISC-V + open processors: the 10-15 year horizon. RISC-V processors without IME exist but are not yet available in high-performance datacentre versions.

IBM POWER + OpenPOWER: existing alternative with a higher level of auditability than x86 processors. Different cost and software ecosystem.

RATIO
3
SECTION 3 · THE THREE LOCK-IN LAYERS — COMPLETE SYNTHESIS
CONTRACTUAL · SOFTWARE · MATERIAL — TOTAL DEPENDENCY MAPPED
LAYER 1 — CONTRACTUAL

What it is: California jurisdiction (GCP §14.12), noncancellable commits, egress fees, unilateral price modification, possible government access (CLOUD Act).
How to exit: change vendor, renegotiate contracts, choose sovereign MSP. Difficult but possible — documented in The Accompanied Exodus.
Corpus study: Terms Under the Microscope.

LAYER 2 — SOFTWARE

What it is: proprietary dialects (DynamoDB, BigQuery, Lambda), proprietary certifications, newspeak destroying neutral skills, application code speaking the vendor's language.
How to exit: Sovereign Interface (Anti-Corruption Layer), progressive migration (Gentle Exit), rebuilding neutral skills (Foundation of Iron). Slow but doable — documented in the corpus.
Corpus studies: Sovereign Interface · The Newspeak That Costs Dear.

LAYER 3 — MATERIAL

What it is: dependency on TSMC/ASML for new GPU servers (The Taiwan Bottleneck), proprietary unauditable Intel ME / AMD PSP firmware (The Material Black Box), strategic value of existing hardware in supply crisis (The Strategic Refurbished).
How to exit: own existing hardware (immediate horizon), coreboot/me_cleaner (partial, complex horizon), RISC-V + sovereign foundries (10-15 year horizon). No simple solution today.
Corpus studies: Digital Iron · Taiwan Bottleneck · Material Black Box · Strategic Refurbished.

◆◆◆

The contractual layer is visible — it is in the Terms.
The software layer is visible — it is in the code.
The material layer is invisible — it is in the silicon.

The Opération Dindon corpus documented all three.
The third layer is the only one the Terms do not mention.
It exists nonetheless.

◆◆◆
NEMO SUPRA LEGEM EST