I just forgot. I noticed that some places (librem I think, and System76 <https://duckduckgo.com/l/?kh=-1&uddg=https%3A%2F%2Fliliputing.com%2F2017%2F11%2Fsystem76-will-disable-intel-management-engine-linux-laptops.html>) are selling computers with ME (partially) disabled on their intel procs, does anyone know about either buying just procs or mobo/proc combos with (partially) disabled intel ME procs?

Purism is a scam, ME can't be disabled.
Please note their "coreboot" is simply a shim loader layer, the hardware init is done by the intel FSP binary blob moving the trust layer from the vendor+intel to just intel which I argue is not a real improvement to justify the high price of their devices.


Google tried to get intel to free ME, if they can't do it then no one can.

System76, Purism etc are all using me_cleaner a tool which they didn't develop so you can buy pretty much any laptop and get the same results if ME is your only concern although considering the massive security problems with intel CPU's now I wouldn't buy one.

My laptop recommendation as always is a lenovo G505S, no ME/PSP and coreboot with open source cpu/ram init (blobs for video/power, but are removable due to no hardware code signing enforcement unlike intel or new amd stuff). It works with Qubes 4.0.

For a desktop/workstation I recommend the libre firmware available KCMA-D8/KGPE-D16 (coreboot with entirely open source hardware init) they also feature OpenBMC for libre remote management.

