Intel ME is to the best of our knowledge disabled through the mechanism common for the 10th gen. Although there still is the FSB blob from intel inside the coreboot image otherwise the system would not work. This means that the risk for backdoors is significantly reduced, although there might be risks we don't know due to the FSB, but as of today we are not aware of any. Building our own netbook type device with your ideas is not really possible for us as Nitrokey at this point.