Intel to no longer allow rollbacks of Management Engine?

Posted on Wednesday, December 13 2017 @ 11:10 CET by Thomas De Maesschalck
The Register noticed that Intel is taking measures to prevent downgrades of the Management Engine found in the chip giant's processors. The Management Engine is controversial because it is essentially a hidden layer and operating system that runs on the processor: users can't see what it does, and it has recently been proven that it can be exploited.

Anyway, starting with Management Engine version 12, Intel implemented a feature that can disable rollbacks. At the moment, the feature is disabled by default, but Intel recommends that customers enable it and may soon turn it on by default.
A recent confidential Intel Technical Advisory posted to GitHub stated that starting with ME version 12, the chip's Security Version Number (SVN), which gets incremented with updates to prevent rollbacks, "will be saved permanently in Field Programmable Fuses (FPFs) as a means to mitigate physically downgrading Intel ME [firmware] to a lower SVN."

FPFs, once set, become read-only memory (ROM) and cannot be easily altered. And the presence of this immutable value provides Intel's security measures with a way to validate firmware versions in order to avoid a version rollback.
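
The mechanism described above, as an added example that is not from the article or from Intel: a small C model of a minimum SVN held in one-time-programmable fuses and checked before firmware is accepted. The thermometer encoding, the 32-bit fuse bank and all names (`fuse_bank`, `fw_check`, `fw_commit`) are assumptions for illustration, not Intel's actual FPF layout.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Model of a one-time-programmable fuse bank: bits go 0 -> 1, never back. */
typedef struct {
    uint32_t bits;        /* thermometer-coded minimum SVN (assumed encoding) */
    bool     arb_enabled; /* anti-rollback switch; off by default per the article */
} fuse_bank;

/* Burning is a bitwise OR, so a lower value can never replace a higher one. */
static void fuse_burn(fuse_bank *f, uint32_t mask) { f->bits |= mask; }

/* Fused SVN = number of blown bits (SVN 3 is stored as 0b111). */
static unsigned fused_svn(const fuse_bank *f) {
    unsigned n = 0;
    for (uint32_t b = f->bits; b; b >>= 1) n += b & 1u;
    return n;
}

typedef enum { FW_ACCEPT, FW_REJECT_ROLLBACK, FW_REJECT_RANGE } fw_verdict;

/* Check an image: refuse one whose SVN is below the fused minimum. */
static fw_verdict fw_check(const fuse_bank *f, unsigned image_svn) {
    if (image_svn > 32) return FW_REJECT_RANGE; /* more than the bank can encode */
    if (f->arb_enabled && image_svn < fused_svn(f)) return FW_REJECT_ROLLBACK;
    return FW_ACCEPT;
}

/* Once an image is accepted, raise the fused minimum to its SVN. */
static fw_verdict fw_commit(fuse_bank *f, unsigned image_svn) {
    fw_verdict v = fw_check(f, image_svn);
    if (v == FW_ACCEPT && f->arb_enabled && image_svn > 0) {
        uint32_t mask = image_svn >= 32 ? 0xFFFFFFFFu : ((1u << image_svn) - 1u);
        fuse_burn(f, mask);
    }
    return v;
}

int main(void) {
    fuse_bank f = { 0, true };  /* constructed state: feature switched on */
    fw_commit(&f, 3);           /* update to an image carrying SVN 3 */
    printf("fused SVN: %u\n", fused_svn(&f));
    printf("image with SVN 2: %s\n",
           fw_check(&f, 2) == FW_REJECT_ROLLBACK ? "rejected" : "accepted");
    return 0;
}
```

With `arb_enabled` left false, `fw_commit` burns nothing and older images are still accepted, which corresponds to the disabled-by-default state the article describes.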

