User2288: Is there an equivalent to Intel ME on Pixel 6+?
I think the answer is "not as designed".
- The external world (Wi-Fi, Bluetooth, cellular modem, USB, NFC, GPU) is isolated via IOMMUs.
- Some of the security implementation runs in TrustZone, which is ARM's enclave system. My (non-expert) understanding is that TrustZone splits all of the hardware on the system, including memory and I/O devices, into two compartments, and that code running in either compartment can't access hardware in the other compartment. If I have that right, the Linux kernel can't access the TrustZone compartment and the TrustyOS code in the TrustZone compartment can't access the Linux kernel's compartment, though there is some facility for sending messages between them.
Note, however, that everything contains bugs. I believe people have uncovered bugs in older implementations of TrustZone, though I am not familiar with the details. And IOMMU isolation doesn't stop a situation where the network hardware delivers a genuine packet to the shared packet-buffer space and then a bug in the Linux kernel's interpretation of that packet results in an exploit.
Overall, my (non-expert) sense is that on Intel platforms the Management Engine is designed to be powerful, so it can implement things like remote tracking and remote wipe for stolen laptops, whereas modern ARM platforms found in phones are designed not to have these features.