You can if the manufacturer has a track record that refutes the notion, and especially if they have verifiable hardware matching publicly disclosed circuit designs. But this is Intel, with their track record, I wouldn't trust it even if the schematics were public. Intel ME not being disable-able by consumers, while being entirely omitted for certain classes of government buyers tells me everything I need to know.

By design, you don't trust it. You never hand out the keys so there's no secret to back door. The task is never unencrypted, at rest or otherwise.

> That's my point, this sounds like a way to create a backdoor for at-rest data.

I get the feeling honestly it seems more expensive and more effort to backdoor it..

Well yeah... You do the initial encryption yourself by whatever means you trust