At user request, the Intel i7 CPU in the Purism 15 was chosen to include VT-d support (needed for Qubes security, which isolates the GPU to a single driver VM) and to exclude support for the black box Intel ME hardware (vPro).
In contrast, on virtually every mainstream laptop with VT-d, you are forced to use a CPU which includes Intel ME/vPro support.
ME is in the chipset and not the CPU[1][2]. Chances are the silicon for it is there and working, but Intel doesn't officially "support" ME with that chipset+CPU combination and supplies firmware that doesn't use it. It doesn't necessarily mean there is no ME capability that could be exploited.
IMHO "support" has become a bit of a weasel-word today, meaning everything from "it's physically impossible because the hardware doesn't even have the circuitry" to "it's all there and functional, but we just don't want you to use it". In between are things like disabled via undocumented hardware jumpers or software settings (remember how certain AMD CPUs could have extra cores "unlocked"? Same principle.) The older models without ME are the former, but I'm almost willing to bet that the latter is the case of the newer CPUs and chipsets.
It will be good to run some tests against the Purism 15 motherboard, at least to evaluate the dormancy/presence of the Intel ME via publicly known interfaces.
It's still a step in the right direction to be able to buy a laptop with a CPU that "does not support" the Intel ME, because it will permit some testing of the Intel claim. It also helps that Purism is using non-Intel components for wired and wifi networks, since Intel ME/AMT/vPro requires Intel networking.
> It will be good to run some tests against the Purism 15 motherboard, at least to evaluate the dormancy/presence of the Intel ME via publicly known interfaces.
The ME is required to be able to boot contemporary Intel devices. It's required to do power management for years. There is no way they ship a device with Intel CPUs and no ME.
What they can do is ship a system without the AMT/vPro features that are implemented in ME firmware. The difference being if the firmware for that part of the chipset is 2MB or 6MB. If you want to know what Intel requires 2MB of firmware for a chip that isn't supposed to be very active, I have no idea either.
But given that the 6MB firmware supports intercepting USB (for keyboard and mouse) and the GPU to route them over the network interface for the soft-KVM feature, be aware that the chip has these capabilities in hardware, no matter the firmware. It just doesn't use them (or so Intel claims).
In contrast, on virtually every mainstream laptop with VT-d, you are forced to use a CPU which includes Intel ME/vPro support.
http://ark.intel.com/products/84993/Intel-Core-i7-5557U-Proc...