security vulnerabilities
oof.
Honestly if there were a hardware manufacturer that didn’t have the intel management engine style functionality or AMD’s equivalent of it, I would build my next laptop with that even if if the base clock and shared cache was rated for half that amount.
System76 make linux-based computers, and they specifically ship them with the IME disabled. I know that’s not exactly what you ask for, but it’s similar in nature
The downside of disabling it is the chance of bricking your expensive silicon, as the drivers to it are mysteriously inaccessible to the operating system, but I literally can’t think of anything else to add once it’s already down. It’s not-end user facing, there’s no API for it, it’s basically just there to be a firmware back door for the NSA and possibly extremely skilled foreign hackers. It doesn’t affect the actual processing layer of the chip at all IIRC.
I actually considered a thelios or whatever they call their desktop systems are called but, the fact that their motherboards don’t support liquid cooling blocks was a turn off for me. Id get a laptop but they are so very expensive. If only I had the money, it would be my first choice however. Certainly now that Linux gaming has become just as good if not even a better experience than on wendoze.