With the ability to include a billion gates for a few dollars, today’s engineers have been unable to resist good ideas that add function to computing systems. As far as I can tell some of these features, such as GPU’s, are added without consideration of what the authority of GPU programs should have. Perhaps they have soundly considered and made wise decisions but if the kernel designer is unaware of the decisions security will not ensue. Where are those decisions recorded. These decisions are sometimes made by system integrators who seldom announce their decisions.

When paging style memory maps were introduced in about 1965, CPU designers seemed to understand the purpose and constrained ‘user mode’ programs to obeying rules for accessing memory. I have no reason to think that any of the fancy instructions describe in the Intel Architecture Instruction Set Extensions Programming Reference (Aug 2015) violate this plan.

Intel processors have sub-basements where poorly documented programs with infinite authority make things happen.
SMM System Management ModePlace for Dell and Apple to put code that is savvy to physical details of the system into which the Intel chip has been installed.
ME Manageability Engine Place to put software that responds to ‘Power On’ button or reboot command issued from control room of big data center
AMT Active Management Technology Hardware to support ME (An ARC processor) WikiP
SGX Software Guard ExtensionPure Intel Protection Domain which Intel can use to convince Hollywood to show their movies on Intel processors. My note.
(only non-privileged instructions)
SGX??, ?, Rutkowska