Hi Taiidan!
Is it worth figuring out how to externally re-flash grey market "intel" nics - or is the onboard NVM flash unable to do anything too terrible? In the newer (the 3 digit i/x series like i350, x540 etc) nics intel has added a "security" flash write protect feature so I imagine their flash stuff isn't as potentially innocent as in the older chips. If so does anyone how to do this?
I only had a look at the i210 NIC and it can have settings like the MAC address, an x86 option ROM for network boot, a firmware area (IIRC that was ARCompact code) and a segment for some sort of provisioning data in the external flash chip: https://www.intel.com/content/dam/www/public/us/en/documents/datasheets/i210... (section 3.3)
To get code execution on the host, the option ROM would be the easiest option.
The network card will probably still work if only the section containing the configuration and MAC address is there; it would be interesting if you tried that and report back the result. It would also be interesting if you can prevent writes to the then unused parts of the flash so that the now missing sections can't be added without an external programmer (IIRC you need to desolder the flash chip in order to read/write it with an external programmer).
Regards Felix