Purism Librem Laptops Remain Blobbed Up, Less Than Interesting

Ironic title is ironic

This is the sort of thing someone would buy for an ultra-security laptop but as described does not provide protection from all possible malicious firmware provided by the OEM. As of now, that sort of thing still calls for a Chromebook or other known coreboot compatable machine bought out of town with cash, coreboot installed without ever having previously been on the network, followed by installing an OS also free of blobs in dangerous paths such as keyboard input. Older motherboards and CPU's will be the better bet for this, you really do need to do your homework. Even with all this, total trust does not exist because the only difference between malicious firmware and outright malicious hardware is the difficulty of modification of a single example. Only open firmware over open hardware/hardware from your own fab(like the NSA does for themselves) can give "turtles all the way down" trust. Real world "Snowden level" security thus involved multilayered defenses. They got through Tor with a firmware exploit? OK, they are still looking at coffeeshop security camera footage and coming up empty because you were in a park with a Pringles can antenna. They exported the CPU ID through the random number generator and the https connection? The machine was bought with cash, used once, and destroyed. Sandboxing is not limited to inside the machine when it really counts.

This has already been explained...

Source

Edit: There's even a site that's got their status for FSF RYF Certification

I'm happy I didn't fund that. Well, okay, first it was that nvidia thing but then intel... coreboot hostile... never. It is sad that they fooled so many people, or even fooled themselves. I mean, they could really have asked some Coreboot / Libreboot people about the obstacles before they started shouting their advertisements.

So, basically one can't have blob-free boot sequence with Intel (that's why I like ARM boards, etc - most of them can complete mandatory boot steps without vendor-signed shit).

Whatever these Intel nuts mumble, it actually looks like this: Intel took over complete control over x86 system via their ME crap and tightened it further with BootGuard, etc.

And actually they even refuse to provide abilities to get rid of their system pwnage stuff. Supplying you "features" like backdoored AMT crap, running unknown OS without source code available. Yet, it controls most critical parts and can pwn whole PC at will.

<sarcasm>Feel yourself secure, dear x86 users. There is backdoor and you can't remove it, whatever you'll try... </sarcasm>. I guess next time Intel should also supply some remotely controlled chaingun to improve their "security" further.

Now those who still have working brains can easily guess why Stallman stays miles away from intel crap. And worst part of it: Stallman has got a point. As usually. He may look strange, but really he is just some Captain Obvious. Also counts as Captain UnObvious for those who lacks working brain.