
Europe's Sovereign Cloud Skirts US Silicon's Hidden Control

Europe poured billions into sovereign clouds to escape US digital oversight, but the architecture's reliance on American silicon—and its hidden management engines—threatens to undermine those very goals.

Diagram showing layers of a computer system with the Management Engine/Platform Security Processor highlighted as a separate, lower layer.

Key Takeaways

  • Europe's sovereign cloud initiatives rely heavily on Intel and AMD processors, which contain hidden management engines (ME/PSP) operating outside OS control.
  • These engines share the host's network interface and, because they run below the OS, could in principle be used for covert data exfiltration, even when the machine appears powered off.
  • US laws like RISAA 2024 can compel hardware manufacturers to comply with secret orders, potentially undermining European digital sovereignty aims.
  • Current European cloud certification frameworks do not adequately assess the security of these deeply embedded processor management engines.

Here’s the thing: the machines Europe is building to keep data out of American hands still have American hearts. Specifically, Intel and AMD processors. And buried deep within those processors sits a hidden realm, a computer beneath the computer, running at a privilege level beneath the operating system, where host firewalls and endpoint agents cannot see it.

This isn’t some theoretical “what if.” It’s about the Management Engine (ME) on Intel chips and the Platform Security Processor (PSP) on AMD. These aren’t just components; they are co-processors with their own firmware, their own memory, and direct access to the platform’s network interface. They operate in what security researchers grimly refer to as Ring -3, a layer so deep that it is invisible and inaccessible to the very operating systems tasked with protecting the data above.

The implications for Europe’s ambitious “digital sovereignty” push, which involves pouring over €2 billion into initiatives like IPCEI-CIS and France’s SecNumCloud framework, are stark. These frameworks, with their nearly 1,200 technical requirements, promise immunity from extraterritorial laws. They certify the cloud infrastructure, the software, the configurations. But they—and this is the critical oversight—don’t, or perhaps can’t, assess the silicon itself.

The Ghost in the Machine Architecture

Think of it this way: you can meticulously build a fortress, fortify every door and window, and set up elaborate security patrols. But if the very foundation of that fortress—the bedrock it rests upon—has a secret tunnel you didn’t know about, your entire security apparatus becomes a paper tiger.

That’s the danger with the ME and PSP. These aren’t simply obscure bits of code. Intel’s Active Management Technology (AMT), for instance, which runs on the ME, offers legitimate remote management capabilities: keyboard, video and mouse redirection; storage access; even power control. It’s designed for IT administrators managing vast fleets of servers and workstations. Once a device is provisioned, it listens on at least four TCP ports, 16992 through 16995. The catch is that the ME itself keeps running even on unprovisioned hardware, so the attack surface does not vanish when AMT is left unconfigured; only the listening ports do. And AMT traffic uses the host’s own MAC and, by default, its IP address, making it virtually indistinguishable from legitimate host activity to any network firewall.

This isn’t just a hypothetical vulnerability. Microsoft documented back in 2017 how a nation-state actor, codenamed PLATINUM, abused Intel’s AMT Serial-over-LAN (SOL) feature as a covert channel. SOL traffic is handled by the ME before it ever reaches the host TCP/IP stack, so the host firewall saw nothing and endpoint security tools were blind. The attacker didn’t need to find a software bug; they abused a feature. All it required was for AMT SOL to be enabled on the host, and deployments that had never changed the factory-default MEBx password (“admin”) were common.

Is the Computer Ever Truly Off?

Then there’s the matter of power. You turn off your laptop and it goes dark, right? Not entirely. On modern platforms using Microsoft’s Modern Standby, what the user experiences as “off” is often a low-power idle state in which the SoC, including the ME, stays powered, drawing enough energy to drain a battery over weeks. Even after a true shutdown the ME can remain awake on standby power while AMT is provisioned; that is precisely what lets an administrator power a machine on remotely. This persistence, coupled with the possibility of firmware tampering while a device transits the supply chain, a scenario that worries security researchers such as John Goodacre, means a seemingly powered-off laptop could, in theory, join a rogue network without the user’s knowledge.

This isn’t just about espionage. It’s about a fundamental disconnect between what users and even system administrators think they control and the reality of hardware architecture. Professor Aurélien Francillon’s work, demonstrating how hard drive firmware could silently exfiltrate data, paints a broader picture: trust in the hardware stack itself is becoming a perilous assumption.

Europe’s Blind Spot: The Processor’s Core

Europe’s digital sovereignty efforts are built on a crucial premise: establishing control over data and infrastructure. The irony is that the very processors powering these sovereign cloud initiatives are subject to laws like the US Reforming Intelligence and Securing America Act (RISAA) 2024, which can compel hardware manufacturers—and by extension, their embedded components—to comply with secret government orders. While European frameworks certify the clouds, they seem to stop short of auditing the deeply embedded, inaccessible firmware of the silicon powering them.

This architectural reality creates a profound dilemma. Can digital sovereignty truly exist when the fundamental processing units are, in essence, foreign-controlled territory? The answer, based on the current state of processor architecture and the limitations of existing certification frameworks, feels increasingly like a resounding ‘no.’ The multi-billion euro investment in sovereign clouds might be building impressive digital fortresses, but if the bedrock is compromised, the entire structure remains vulnerable.

A Glaring Oversight

The ME does not necessarily stop when the machine appears to. Users know the symptom: a laptop shut down and stored for weeks comes back with a flat battery. That drain is not proof of ME activity on its own, since Modern Standby keeps much of the SoC powered regardless, but it shows how little “off” now means.

This isn’t a small detail. It’s a gaping hole in the logic of digital sovereignty. The ME has its own network stack. It uses the host’s network identity. It operates below the OS and any security software. When the continent is striving for digital autonomy, this inherent architectural property, a feature of the silicon itself rather than a bug to be patched, represents a critical, perhaps insurmountable, roadblock.



Written by Priya Sundaram, chip industry reporter tracking GPU wars, CPU roadmaps, and the economics of silicon.


Originally reported by The Register On-Prem
