FOSS / Privacy / Modularity / Linux-centric Laptop Sellers

[Ferryman]

Title. I've recently been looking into getting a future proofed laptop that specifically ships with a gimped Intel Management Engine & has as much capacity for upgrading & part replacement as possible. I get that the whole IME thing might as well be Area 51-tier autism at this point, but I'm a bit of a privacy schizo so IME gimping & a FOSS bios are non-negotiable. AFAIK these are all the sellers that I've seen explicitly mention a disabled IME:

• Purism
• Dell(?)
• System76
• TUXEDO
• Slimbook
• NovaCustom

I've heard mixed reviews about System76, and less than stellar stuff about Purism. From what I gather, Purism especially has issues with shipping delays and poor customer support. I hear a lot of good things about TUXEDO and NovaCustom, with the latter being especially enticing because they seem to be the most Framework-like of the bunch in terms of raw customization options while also shipping with a disabled IME. I'm hearing that Framework is the end-all-be-all in terms of raw customizability & part replacement, but I just know that having Intel's fingers in my asshole will bug me if I end up getting one.

TLDR: Lets discuss laptops that ship with FOSS bios & a gimped Intel Management Engine.

 

[The Connected Nose]

Purism charges a premium for older hardware, and IIRC ships with tiny batteries.

System76 seems nice (and their desktop cases are made in the US from US-sourced materials, IIRC), but for notebooks their only AMD offering (Pangolin) has an anemic-as-fuck battery, while the thin & light Intel offering (Lemur Pro) is, well, Intel. So you get a much larger battery, only to get saddled with a "12-core" CPU that only has two cores that are worth a shit. 2 "performance" cores, 8 "efficiency" cores, and then 2 "low-power efficiency" cores.

Dell won't get you anything without IME, since they use it as a selling point for business management. Although I will say their business account support is top notch.

I don't know anything about the others.

 

[Spasticus Autisticus]

I'm hearing that Framework is the end-all-be-all in terms of raw customizability & part replacement, but I just know that having Intel's fingers in my asshole will bug me if I end up getting one.

Framework sells AMD laptops as well. I use a Framework 16 as my daily driver and it's pretty good, but I have a few complaints:

• The modular aspect of it leads to a slightly less "solid" feeling compared to a typical laptop. The spacer panels are just ever-so-slightly not flush with their neighbors. Making a double pass of tightening the assembly screws when you put it together helps, but doesn't solve the problem.
• Keyboard deflection was an issue. Early batches had a worse problem with this, but even the batch I got that was supposedly fixed was still not great in this regard. They sent out a kit that comprised of some foam pieces to stick underneath the keyboard, which helped and I'd call it "OK" now.
• In Linux, I've had the occasional hard freeze. It's rare, but any amount over zero is concerning to me.
• Speaking of Linux, there is an amdgpu bug which causes display corruption when using the built-in display panel (external displays are fine). It's not a showstopper, but noticeable and annoying. There is a patch available, but other than that the only workarounds involve setting some kernel flags that significantly reduce battery life.
• 240W USB-C PD adapters are hard to come by. This is only a problem if you max out the specs and get a dGPU.
• I often have to reconnect it several times to my docking station to get the video output to work properly.

Another brand to note is NitroPad, from the creators of the NitroKey. Those are probably the best for the seriously paranoid.

 

[Waifu Denier]

System76 seems nice (and their desktop cases are made in the US from US-sourced materials, IIRC), but for notebooks their only AMD offering (Pangolin) has an anemic-as-fuck battery, while the thin & light Intel offering (Lemur Pro) is, well, Intel. So you get a much larger battery, only to get saddled with a "12-core" CPU that only has two cores that are worth a shit. 2 "performance" cores, 8 "efficiency" cores, and then 2 "low-power efficiency" cores.

The hardware is still last I recall white label Clevo laptops, which to my knowledge many other companies like Tuxedo also use. If you absolutely need things like Coreboot support and such I guess there aren't many other options but build quality for the price was always what kept me from pulling the trigger.

 

[FedraGlow]

Purism prioritizes user privacy by employing coreboot to disable the Intel Management Engine (IME) on its Librem laptops. However, the company has encountered criticism related to delays in product availability and challenges concerning customer support.

In the realm of business-oriented computing, Dell provides several models that allow for IME deactivation as a customized order; this service is primarily aimed at corporate clients. Despite this option, the process remains complex and is further complicated by the proprietary nature of the BIOS.

System76 adheres to coreboot-based firmware, ensuring that IME is disabled wherever feasible. The company is recognized for its robust support of the Linux operating system, although customer experiences may vary significantly.

TUXEDO Computers facilitates the disabling of IME through its BIOS settings, concentrating on compatibility with Linux systems, thus positioning itself as a viable choice for privacy-conscious consumers.

Slimbook also addresses the privacy needs of users by providing BIOS updates that allow for IME deactivation on select models, appealing to enthusiasts keen on safeguarding their digital privacy.

NovaCustom distinguishes itself through extensive customization options while explicitly indicating its commitment to disabling IME, which allows for a configuration akin to that of Framework but emphasizes privacy features.

Framework is characterized by its high level of customization; however, it does not officially support IME deactivation. Users interested in disabling IME may need to explore third-party solutions, which may pose risks to warranty coverage or system stability.



For customization and IME disablement, NovaCustom and TUXEDO Computers are probably your best bets, but always double-check the details with each vendor.

Spoiler: links

https://news.ycombinator.com/item?id=9912821

https://superuser.com/questions/1022803/construct-an-open-hardware-laptop-without-intel-management-engine-me

https://rog-forum.asus.com/t5/rog-gaming-notebooks/how-to-disable-the-intel-management-engine/td-p/612166

https://slimbook.com/en/blog/guides-2/post/laptops-without-intel-management-engine-382

https://www.reddit.com/r/thinkpad/comments/jeqwuo/amd_cpus_and_the_intel_management_engine/?rdt=52115

https://security.stackexchange.com/questions/168433/is-there-a-list-of-new-laptops-without-intel-management-engine-built-in

https://forums.puri.sm/t/other-laptops-without-intel-management-engine/17068

Intel Management Engine - Wikipedia

en.wikipedia.org

https://hackaday.com/2020/01/28/factory-laptop-with-ime-disabled/

https://puri.sm/posts/purism-librem-laptops-completely-disable-intel-management-engine/

https://forums.anandtech.com/threads/disabling-intels-management-engine-me.2517366/page-2

https://www.dell.com/community/en/conversations/optiplex-desktops/what-does-me-disabled-really-mean/647f8264f4ccf8a8de118d9e

https://hardware.slashdot.org/story/17/10/29/0324201/purism-now-offers-laptops-with-intels-management-engine-disabled

https://security.stackexchange.com/questions/255373/what-is-the-latest-version-of-thinkpad-laptops-that-doesnt-have-intel-managemen

https://forum.qubes-os.org/t/intel-me-disabled-offered-by-dell/12609

 

[Ferryman]

Another brand to note is NitroPad, from the creators of the NitroKey. Those are probably the best for the seriously paranoid.

The hardware is still last I recall white label Clevo laptops, which to my knowledge many other companies like Tuxedo also use. If you absolutely need things like Coreboot support and such I guess there aren't many other options but build quality for the price was always what kept me from pulling the trigger.

Interesting, didn't know they also made laptops. Looking at their most recent available models it seems like they're using the same Clevo V56s as NovaCustom. AFAIK most of these guys sans Framework sell customized Clevo-based laptops - Tuxedo, Nova, System76, all of em. Sure, people say build quality can vary, but in my experience they've overall been pretty solid, so that doesn't bother me too much.

As far as reputation is concerned, Nitrokey is obviously a great sign cause I hear about them all the time in trve e-schizo circles. NovaCustom also has an anti Ross Ulbricht-style theft dead man switch called BusKill. The fact that they sell something like that makes me thing they're also legit, and they do seem prety adamant about killing the IME on their devices. Plus, they're Dutch, and in my experience, Dutch people tend to be pretty ruthlessly honest and private, so that kind of lends a bit more credence to them, if only anecdotally.

 

[Stalphos Johnson]

Framework sells AMD laptops as well. I use a Framework 16 as my daily driver and it's pretty good, but I have a few complaints:

• The modular aspect of it leads to a slightly less "solid" feeling compared to a typical laptop. The spacer panels are just ever-so-slightly not flush with their neighbors. Making a double pass of tightening the assembly screws when you put it together helps, but doesn't solve the problem.
• Keyboard deflection was an issue. Early batches had a worse problem with this, but even the batch I got that was supposedly fixed was still not great in this regard. They sent out a kit that comprised of some foam pieces to stick underneath the keyboard, which helped and I'd call it "OK" now.
• In Linux, I've had the occasional hard freeze. It's rare, but any amount over zero is concerning to me.
• Speaking of Linux, there is an amdgpu bug which causes display corruption when using the built-in display panel (external displays are fine). It's not a showstopper, but noticeable and annoying. There is a patch available, but other than that the only workarounds involve setting some kernel flags that significantly reduce battery life.
• 240W USB-C PD adapters are hard to come by. This is only a problem if you max out the specs and get a dGPU.
• I often have to reconnect it several times to my docking station to get the video output to work properly.

Another brand to note is NitroPad, from the creators of the NitroKey. Those are probably the best for the seriously paranoid.

I've been using the AMD Framework 13 and it hasn't had these problems, probably because it's gone through a few more revisions. Good battery life, feels well put together, keyboard and mouse are one of the best I've had. If you don't want the bigger screen or you don't need a dGPU get the Framework 13.

 

[Frederica Bernkastel]

Framework sells AMD laptops as well. I use a Framework 16 as my daily driver and it's pretty good, but I have a few complaints:

Intel has said they want to make their computers modular too.

 

[The Connected Nose]

NovaCustom also has an anti Ross Ulbricht-style theft dead man switch called BusKill.

BusKill cables can be plugged into whatever you like. For even more security, you can install USBKill, which creates a whitelist of authorized devices. Plug in a non-whitelisted device, and it'll do whatever you have it configured for, from locking the screen, to wiping RAM and destroying the LUKS encryption headers, rendering everything on the drive irrecoverable.