Hello fellows
I was wondering which side would be better:
Having some old Thinkpad but with coreboot/linux installed and the ME therefore disabled, but having security flaws with ancient cpus and no microcode updates?
or
Having some new high end device, with proprietary uefi and just linux?
I‘m bothered about those 2 options… Privacy and Security are going hand in hand for me and with this consideration Coreboot/Libreboot just seem to be useless nowadays.
Yes, an old laptop without any security updates is going to be less secure, than a modern day laptop with all security updates, but this is true for all firmware.
You can run Coreboot on modern day hardware, and it supports most security features.
The biggest difference is probably going to be Intel BootGuard vs. Coreboot vboot, but the downside of BootGuard is that it removes all control of the firmware.