Sidestepping the Intel Management Engine
I like the Libreboot project and have been succesfully able to install that on an old T60 thinkpad, however I prefer the desktop computer for my day to day needs. The problem with that is I have an older Dell optiplex with an intel socket 775 processor and I've wondered about how vulnerable I might be via the Intel Management Engine since there isn't a free bios yet for my pc. However I found a possible way to sidestep that here: https://msfn.org/board/topic/183028-old-processors-minus-intel-management-engine/
Yes I know it's a WinBlows forum, but if the technique shown on that thread works, it would be something GNU/Linux lovers could use to shut up the IME from going online until a better bios is available. Just something I thought I'd share. :)
It would definitely be good if that does work!
If you can (or are interested in learning how to) flash the chip, however, it is in fact possible to remove most of the ME: https://firmwaresecurity.com/2016/11/30/me-cleaner/ . The part that remains is only involved in the initial boot process and almost certainly does not go online.
Desktop motherboards are less affected by Boot Guard, so it's possible to neutralize ME on much newer platforms.
Our community has been working on 6th and 7th generation Core platforms. I plan to build a cheap mini desktop using H170 motherboard and Pentium G4500T processor.
If I may ask, what kind of community are you speaking of?