diff --git a/README.md b/README.md index aa6c3f3..41a9c20 100644 --- a/README.md +++ b/README.md @@ -50,16 +50,6 @@ source ~/.cargo/env ./scripts/qemu.sh ``` -## Intel Management Engine - -The IME is present, but disabled. This is accomplished by [sending a HECI -command on boot][heci_disable], before RAM is initalized. This puts the IME in -a state similar to setting the HAP bit on earlier platforms. [me_cleaner] is -not used as it does not support IME version 14.0. - -[heci_disable]: https://github.com/system76/coreboot/blob/f3ba5937e778105cb7e75de9a1d4adf54ea825e5/src/soc/intel/cannonlake/me.c#L186 -[me_cleaner]:https://github.com/corna/me_cleaner - ## Contents - [apps](./apps) - Applications diff --git a/README.md.in b/README.md.in index bd719d9..9b99ef6 100644 --- a/README.md.in +++ b/README.md.in @@ -49,13 +49,3 @@ source ~/.cargo/env ``` ./scripts/qemu.sh ``` - -## Intel Management Engine - -The IME is present, but disabled. This is accomplished by [sending a HECI -command on boot][heci_disable], before RAM is initalized. This puts the IME in -a state similar to setting the HAP bit on earlier platforms. [me_cleaner] is -not used as it does not support IME version 14.0. - -[heci_disable]: https://github.com/system76/coreboot/blob/f3ba5937e778105cb7e75de9a1d4adf54ea825e5/src/soc/intel/cannonlake/me.c#L186 -[me_cleaner]:https://github.com/corna/me_cleaner diff --git a/docs/intel-me.md b/docs/intel-me.md new file mode 100644 index 0000000..7ec7ade --- /dev/null +++ b/docs/intel-me.md 
@@ -0,0 +1,16 @@ +# Intel Management Engine + +Intel-based machines by System76 come with the [Intel Management Engine][wiki] +disabled. It is a proprietary, mostly undocumented, system that provides many +extraneous features that are generally not usable or useful to our users, with +multiple known vulnerabilities that compromise the entire system. + +The Intel ME is _required_ (since Nehalem, 2008), so cannot be removed. The +[me\_cleaner] project is able to remove non-essential components, but currently +does not support the ME version used on many of our systems. Instead, we [send +a HECI command][heci_disable] to tell the Intel ME to disable runtime +components during early boot. + +[wiki]: https://en.wikipedia.org/wiki/Intel_Management_Engine +[me\_cleaner]: https://github.com/corna/me_cleaner +[heci_disable]: https://github.com/system76/coreboot/blob/011439cb9196d6a71d394ead8c98dfd8ead325d4/src/soc/intel/cannonlake/me.c#L186
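Review bot: Removing the Intel Management Engine section from README.md (first hunk) without linking to the new docs/intel-me.md leaves the README with no mention of the ME at all, so the information becomes hard to find. The same hunk touches the `## Contents` list (`- [apps](./apps) - Applications`); add an entry such as `- [docs/intel-me.md](./docs/intel-me.md) - Intel Management Engine` there, or a one-line pointer where the section was. If README.md is generated from README.md.in, the pointer belongs in the README.md.in hunk as well so it survives regeneration.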
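Review bot: The new docs/intel-me.md (third hunk) is less precise than the text it replaces: the removed README paragraph stated that the HECI command is sent before RAM is initialized, that the resulting state is "similar to setting the HAP bit on earlier platforms", and that me_cleaner lacks support for "IME version 14.0", whereas the new wording ("disable runtime components during early boot", "the ME version used on many of our systems") drops all three facts; carry them over so readers can judge what "disabled" means and whether me_cleaner applies to their machine. The claim of "multiple known vulnerabilities that compromise the entire system" has no reference; link the advisories meant or soften it. Also, the `[heci_disable]` link moves from commit f3ba5937e778105cb7e75de9a1d4adf54ea825e5 to 011439cb9196d6a71d394ead8c98dfd8ead325d4 while keeping the `#L186` anchor; confirm that line 186 in the new commit is still the HECI disable call, since a pinned line number does not follow the code between revisions.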