Choose old Intel systems (i945 and gm45 can work with free boot firmware and without Management Engine firmware which implements AMT). (TPM is just a mostly useless chip, it's harmless.) If you choose AMD, you should decide if their signed blobs are sufficiently harmful. You won't avoid having much writable flash storage (in the chip storing boot firmware), unless you use coreboot and customize it to not write memory training data needed for suspend to RAM and faster booting. (Builtin wifi is in SoCs for routers and some phones, I think no x86 system has it.)
Cryptographic code necessarily does much work on the CPU, which means more power being used. It did optimize too well for speed and avoid some unnecessary computations, making it possible to find private keys From the pattern of power usage (and resulting noise from capacitors and inductors). GPG was fixed to prevent guessing private keys from such noise, so you hear only that encryption (or another CPU-intensive operation) occurs, maybe also what key size you use (while everyone now uses 4096-bit RSA keys for GPG). See http://cs.tau.ac.il/~tromer/acoustic/ for details.
signature.asc
Description: PGP signature
