If its good enough for the NSA its good enough for me. I want control over that bit, on my hardware. Why should I not have that? So far, I'm not hearing any good reasons.
First off, I completely agree. This really should be something you can disable, because often times it isn't used and it increases attack surface.
You can control that bit, as shown here: http://blog.ptsecurity.com/2017/08/disabling-intel-me.html . Of course, that method isn't documented or officially supported by Intel, and you could brick your machine if you mess up, so that's not exactly what you meant. I think Intel definitely should document it and provide official support. As to why they don't currently, I have some guesses. The first is general lack of interest: it costs money for them to support this new feature for everyone and make sure it plays nicely with everyone's setup, and maybe there isn't enough customer demand for the feature. The second is money: I wouldn't be surprised if they sell their chips to the government with the bit already set in firmware at a markup. Making that easily available to everyone means less money.
