Because of the SMI/ACPI/Intel Management Engine/AMD Secure Technology/UEFI, and optionally AMT-complex, where usually only parts of can be deactivated partially, but never all of it.
It's actually more bad than the above mentioned ARM-stuff, which is misinformed(maybe because of raspberry piish broadcomisms, or locked down dumbphones), because on ARM, you either can disable that stuff, or even can run your own instead.
You would need to go back to ~2005-era Intel x86 CPUs to have x86 without a backdoor baked into the silicon (as far as we know), like Pentium 4. The Core 2 / Q6600 / P35 chipset already had an early version of it. Wikipedia says AMD added their equivalent, the Platform Security Processor, around 2013, so their best CPU from 2012 would be the FX-8350.
I mean technically there's nothing they can do that SMM couldn't - introduced in a revision of the 386. It's code running with system permissions invisible to the "parent" user code and OS.
You're already pretty much trusting the same people then as now, at least if they are "actively malicious".
Since the first time that I saw this here in HN I've been sharing it with several people around me. This including CS students, CS professors and non-technical people who only asked "how does a computer work?". I only say "just type 'cpu.land' and read that". This is one of the best things that I've found here.
No problem really, I think most people want to bootstrap quickly from the low level into the higher abstractions that they care about, few people want to stay down in the cpu itself.
Fortunely there is still x86
No, you don't.
Because of the SMI/ACPI/Intel Management Engine/AMD Secure Technology/UEFI, and optionally AMT-complex, where usually only parts of can be deactivated partially, but never all of it.
It's actually more bad than the above mentioned ARM-stuff, which is misinformed(maybe because of raspberry piish broadcomisms, or locked down dumbphones), because on ARM, you either can disable that stuff, or even can run your own instead.
https://www.trustedfirmware.org/projects/op-tee/
https://github.com/OP-TEE
https://docs.kernel.org/next/tee/op-tee.html
You're already pretty much trusting the same people then as now, at least if they are "actively malicious".
Anyway, it will be maybe a few years until the governments will get the idea of enforcing their own management engines into our hardware :/
For me personally I was surprised given the name that very little is about cpus and most of the material is in the operating system.
God bless
Being able to explain something this simply usually requires a very good understanding of the entire subject.