Quoting zap (calmstorm@???):

> Very well then,
> https://libreboot.org/faq.html#will-the-purism-laptops-be-supported
>
> that is one perfect example. If it were possible, I think libreboot
> would have said something by now about the intel_me cleaner making it
> possible.

This is significant and worthy of note, but please be careful to not
over-read. Libreboot Project take the sensible stance that it is best
to avoid hardware containing Intel ME, including the Purism laptops,
because of (1) Intel ME, and (2) the Intel Firmware Support Package
(FSP) that coreboot uses to handles all hardware initialisation,
including memory and CPU initialisation. (Among other things, Libreboot
Project point out that FSP sets up System Management Mode, which is a
known-problematic system layer underlying the regular OS level).

As it happens, as I mentioned, I just recently bought (to play with) a
reconditioned Zotac CI321 w/4GB RAM and a 64GB SSD for US $125 with 1
year warranty from Zotac after John Franklin mentioned the Zotac
C-series here. (TY, John!) It has the Intel ME and Intel FSM problems,
too.

If I understand correctly, it would be self-defeating to totally disable
the Intel ME on hardware that uses it -- because the ME is instrumental
in initialising the hardware for use. The best possible outcome under
the circumstances is to be able to programmatically disable the ME as
part of boot-up, as can be done at least for ME version 11 using the
technique discovered by Positive Technologies.
http://blog.ptsecurity.com/2017/08/disabling-intel-me.html
Intel Corp. have confirmed that this technique does disable ME version
11. Call me excessively trusting if you will, but I believe them. And
FWIW I do _not_ believe the people thinking ME is a plot to
security-compromise our computers. It's a (regrettable) technology
intended to facilitate OOB management. The rationale makes perfect
sense, even if the unintended side-effects are woeful.)

I think, if you credit Purism with a modicum of good will, you might
concede that an Intel ME (version 11) that gets programmatically lobotomised
immediately upon boot using the Positive Technologies (which I hope and
expect Purism are using) is as close to no Intel ME as makes no
difference.

The FSP is a separate problem (for both the Purism laptops and my
little toy Zotac), and I can't say much about more about that.


My own semi-considered opinion: Purism have been repeatedly guilty of
the, on balance, venial and rather common sin of shading the truth just
a bit. Public relations. They may not be unstained saints of the
Church of Free Software, but then, who is?

Shades of grey. We have 'em.