There was more mentioned. The BMCs and MEs are proprietary, all-powerful, and insecure. The DIMM thing applies to other devices too, like SSD wear-leveling controllers. Then there's the whole trusted boot Pluton/TPMs thing: where you have to "measure" all these proprietary firmware blobs and bless them as trusted knowing very little about them, often nothing really other than that they were there in option ROMs before you even booted the thing for the first time. The list is not insignificant.