There are several functionalities provided by these systems:
* System Control Processing. This means that the PSP / ME handle early boot (bringup) and peripheral management, especially in low-power and sleep modes. So from a "popularity" standpoint, 100% of systems with these processors are using them for this reason alone.
* Firmware TPM (AMD fTPM / Intel PTT). This provides the Trusted Platform Module API using a Trusted Application running in the management engine, rather than a dedicated TPM chip. It's commonly used with Windows for BitLocker, especially on AMD platforms, and Linux users who like keeping their disks secure will use it as well. It's less vulnerable to bus snooping attacks, since on AMD it's embedded in the CPU package and on Intel nobody's reverse engineered the bus interface between the PCH and the CPU to see if key extraction is possible like it is for unencrypted standalone TPM. TPM also has other uses, like Secure Boot measurement attestation (hashes) and arbitrary key enrollment, which are of course also provided by fTPM when available. From a popularity standpoint this is used on 100% of modern AMD systems running Windows 11.
* Virtual Machine encryption/isolation (AMD SEV for example).
* Widevine L1 video DRM support on Chromebooks. I think it might also be used for PlayReady on Windows, but I'm less familiar with this system.
* Custom TrustApps. AMD PSP provides a standard GlobalPlatform / ARM TEE (Trusted Application Environment). I'm not aware of anyone besides Google (Chromebooks use it for trusted boot, SecureDebug validation, Widevine, etc.) actively using it in widespread deployment yet, but I'm sure someone is working on it. It has application basically anywhere Intel SGX was used, for example, for secure / segregated key management, data processing, etc. (Signal use SGX extensively for this).
* Remote management (Intel vPro). This is the thing that causes people to freak out about Intel ME. It's somewhat popular in enterprise beige-laptop deployments, although it's limited to network interfaces with driver support in the ME firmware (Intel Ethernet and WiFi). Arguably more bug-ridden and horrible external third-party management engines like iDRAC are still more popular in the datacenter.
It's mentioned in part 1 of this post, that the PSP is what actually boots the processor (among other things, it sets up the memory controller), so it's used in the real world every time you turn on your AMD-based computer.
SGX was used by video DRM on intel platforms. As SGX no longer exists in modern intel processors, its not really doable anymore. netflix drm and the like are probably done on gpu, not on cpu (but I could be wrong)
It's actually impossible to have a "legal"/commercial 4k bluray setup today on modern PCs/CPUs, as they will only license it to players that can use SGX and as noted SGX no longer exists. (of course this doesn't prevent one from using vlc / libaacs and the like).
Any idea why Xeons would still contain this feature? Is it for backwards compatibility for their corporate customers or are there reasons that someone would still use it in modern applications in 2024?
my guess is that its not used by the ARC dGPUs which have their own equivalent for it? But I guess it makes sense to use it for iGPUs.
With that said, seems sketchy to send untrusted data to the ME which is essentially an independent computer, running an independent OS with the ability to have persistent state. Seems like a security failure waiting to happen.
Signal Private Messenger built private contact discovery and secure value recovery using Intel Software Guard eXtensions (SGX), similar to AMD Secure Memory Encryption (both usually used for DRM).
