Look up the Intel Management Engine and AMD Platform Security Processor and prepare to not be surprised. It's essentially another computer inside your computer that bypasses all security, with various vulnerabilities found in it over the years. If the government mandates anything, it's likely just to give themselves access.
There was also a defcon talk I saw a while back where a guy found hidden instructions in some x86 processors that allowed you to dump abitrary memory. Ostensibly for debugging, but they're there. On a modern chip, a lot of the instructions are handled by microcode - it's computers and software all they way down and there's no way to verify it.
But for Intel there is the me_cleaner project but it seems to be dead(is a bunch of scripts that lets you modify the BIOS to remove ME/enable the ME killswitch bit, but it will require you to get an external programmer) but how effective it is depends on how new the CPU is.
CPUs up to Nehalem, can have the whole ME firmware removed rendering it completely useless.
CPUs from Nehalem up to Broadwell, the ME bootloader is preserved to disarm the killswitch in case ME is damaged(in case ME is damaged the PC will automatically shut off after 30 minutes)
Newer CPUs is not really effective as more core parts of ME need to be present
But researchers also discovered a bit(the HAP bit) in the ME firmware that once turned on ME becomes inoperable after initializing the ME hardware and disabling the PC automatic shutoff, but not sure how much you can trust it.
Look up the Intel Management Engine and AMD Platform Security Processor and prepare to not be surprised. It's essentially another computer inside your computer that bypasses all security, with various vulnerabilities found in it over the years. If the government mandates anything, it's likely just to give themselves access.
There was also a defcon talk I saw a while back where a guy found hidden instructions in some x86 processors that allowed you to dump abitrary memory. Ostensibly for debugging, but they're there. On a modern chip, a lot of the instructions are handled by microcode - it's computers and software all they way down and there's no way to verify it.
Is there a vulnerability that lets me shut it off?
For AMD i'm not aware of such methods .
But for Intel there is the me_cleaner project but it seems to be dead(is a bunch of scripts that lets you modify the BIOS to remove ME/enable the ME killswitch bit, but it will require you to get an external programmer) but how effective it is depends on how new the CPU is.