Hello fellows
I was wondering which side would be better:
Having some old Thinkpad but with coreboot/linux installed and the ME therefore disabled, but having security flaws with ancient cpus and no microcode updates?
or
Having some new high end device, with proprietary uefi and just linux?
I‘m bothered about those 2 options… Privacy and Security are going hand in hand for me and with this consideration Coreboot/Libreboot just seem to be useless nowadays.
Yes, an old laptop without any security updates is going to be less secure, than a modern day laptop with all security updates, but this is true for all firmware.
You can run Coreboot on modern day hardware, and it supports most security features.
The biggest difference is probably going to be Intel BootGuard vs. Coreboot vboot, but the downside of BootGuard is that it removes all control of the firmware.
Microcode updates can also be applied by the os. Linux does this for example and overwrites the microcode during boot until the next power cycle.
Coreboot and Libreboot are useless right now since the motherboard designers meant for them to be so. If I could install Libreboot on everything, I’d be the happiest I could be, but that is sadly not possible. I’m surprised Google still pushes out Coreboot for every Chromebook they have, although Chromebooks are a different kind of cancer to deal with