1) Secure/Privacy
2) Usability and maintenance for the layman in need of security
3) Price
4) New laptop
Based on my research the most secure would be:
Older laptops:
G505
x220
T420
W520/W530
Pro:
-price/value
-Coreboot
Cons:
-only available as used/refurbished
For a new, currently available on the market(a positive HCL report just came up):
Lenovo - T480
I am sure other Lenovo work well...my experience has been good.
Other products I have looked at include:
Carbon 5/Developers - Recalled...potentially good in the future refurbished market. Huge value in the fact the Qubes developers use this laptop. A little expensive
Purism - Libre or coreboot? with proprietery software in BIOs
System 76 - Gaming PC primarily
Thinpenguin - Libre or coreboot? with proprietery software in BIOs, manufacturer unsure of 4.0 compatability
Talos2 - expensive(desktop only?)
My specific questions are:
1) A lot of custom gaming laptop makers in the USA...any companies flashing Coreboot or Libre on new or refurbished laptops commercially for Linux?
2) My wish list would be able to crack open a laptop and flash coreboot(orLibre) but I am concerned this is just too techy. Is it hard to do? Is it hard to maintain? Hard to repeat?
3) How risky are the proprietery BIOS? Is this Nation state, Lenovo threats only? While I like my privacy I likely have bigger issues if they want access. How risky are "stock" BIOs from say a Lenovo...realistically/practically speaking.
4) Is Qubes still better then a Mac or PC even with proprietery BIOS?
I am an open source purist(wannabe) but I need to balance usability/practicality. I am trying to understand and quantify the benefit of OSS BIOS and the security benefit balanced with ease of maintaining/implementing.
While its frustrating the hardware compatability challenges, I like the hard stance Qubes makes on hardware "certification"....
Any feedback or dialogue is welcome.
(PS Thanks for the forum members for prior posts and helping with the info above)