What desktop computer would you recommend for maximum freedom?
My wishlist:
- Disabled Intel ME
- Libreboot/Coreboot
- From Europe if possible
- For running a 100% free distro
I found out that Thinkpenguin offers to disable Intel ME for you if you pay $30. I asked another European vendor if they could do that for me if I pay more, because it seems difficult to do that on my own.
I’m interested in this question too… but I also find it very hard to make any recommendation. My only suggestion, which is also my approach, is to pick the components one by one and assemble the PC yourself. Under the OS it’s basically a complete black box (firmware, BIOS/UEFI, microcode, nothing is free). As long as you pick components that respect open standards and have free drivers, at least you can “drive” the devices with free software even if the firmware is obviously not. This means, for example, big NO to Broadcom, nVidia, or USB dongles that require proprietary drivers.
Is this really a possibility? I mean, can it be disabled for real? ME is both software and hardware, and really designed not to be turned off. If you can turn it off, you’re probably going to lose some functionality as well, such as fan control. I think ME is even required for booting the CPU. I haven’t followed the developments on ME for a long time, but I’d guess if ME can be disabled it’s only for a restricted selection of boards. ME is also programmed to shut down the PC if disabled. So, “disabled” actually means that it’s still running but parts of it have been overwritten in order to make it inoperable, except for the ones responsible for booting up and shutting down. But, as I said, I haven’t followed the developments on ME so I know very little; don’t take my words at face value. If those companies offer to disable ME, I would be rather curious to know to what extent they can actually disable it (can they nuke it from the board entirely?)
I think AMD has something akin to ME called PSP, but apparently they allow you to disable it. I can’t vouch for it though (I’ve never done it personally, and all my PCs are older than Ryzen). But anyway the question stands: do you trust a proprietary BIOS that says to disable a proprietary blob?
And the option that you don’t want to hear: buy an old motherboard (Intel introduced ME around 2007-2008 I think, and AMD introduced PSP around 2012-2013 I think).
Libreboot has a list of supported hardware which is obviously very short. So if you want to use libreboot you probably need to start from one of those and build your PC around it.
There is a project called me_cleaner. It says “it can modify an Intel ME firmware image with the final purpose of reducing its ability to interact with the system”.
They responded this:
“With regard to disabling the ME, it is an option we do not offer, because in our tests it has not been possible to TOTALLY disable that mini-processor, or secondary processor (some know it by different names). I don't know what the company you mention actually does; we are not accusing anyone of anything, of course, but as I was telling you, in the past, when the Intel ME exploit was more active, we saw cases of promised deactivation that were not what they claimed.”
Too bad. I need a desktop computer for video editing and that requires a recent computer. Maybe I can get a good recent computer, and when my laptop breaks get an old laptop with Libreboot. There is a company called Raptor computer systems. They say:
“Raptor Computing Systems was the first vendor to come to market with POWER9, and will be the only source for POWER9 machines in this market segment for the foreseeable future. We are the only vendor to offer a full lineup of whitebox-type parts and accessories for POWER9, and are the only vendor to offer a fully libre firmware and hardware solution. Furthermore, we are not just shipping a stock reference design, like other vendors did with POWER8; rather, Talos™ II contains numerous unique features that increase usability, promote openness, and boost system security. Talos™ II is truly one of a kind and is additionally protected against unauthorized hardware clones by patents and/or patents pending, so if you want the benefits of a truly open POWER9 system, be sure to get your Talos™ II today!”
Sadly their computers are too expensive for me.
What software do you use for video editing? Most of the F/LOSS ones I use are.. unstable.
The other problem with Talos is that they are Power ISA and not x86_64, so you’ll likely need to use Gentoo or something similar (and compile everything yourself).
If you’re willing to “compromise”, this one does look very interesting: MSI Pro Z690-A.
Debian officially supports Power too (Power8 or newer, not the old Power Macs). They call it “ppc64el”.
I use Kdenlive (version 22.12.3). It works fine for me, maybe you are using a buggy version or you don’t have enough RAM.
I’m on 23.04.02, supposed to be stable. Been some months since I used it now, but it’s always had choppy playback with lots of audio stuttering and constant crashes.
This is a high-end motherboard. I went looking for one but they sell from $100 to $200 used :/ It’s not too bad but I don’t wanna risk bricking it. If only they ported Coreboot to small-office computers like Dell OptiPlex or HP Pro/Elite/Z or Lenovo ThinkStation, they are sold by the thousands and very cheap to buy second hand.
Maybe… but those PCs not only have proprietary firmware, they also have proprietary hardware standards. They use custom motherboard sizes, custom cable pinouts and headers, custom screws and mounting holes, custom heatsinks, custom PSU dimensions, everything is a proprietary standard except maybe only for the CPU and RAM. You buy it for cheap, and then you have to pay €20 for a cable only because it uses a proprietary standard.
Yes this is basically where it was at, the last time that I checked it (years ago). Some companies claimed they could disable IME but I think those claims were unfounded and deceiving. To be honest it’s really difficult to recommend anything… Either you live with Intel and buy a board where IME can be partially disabled, or trust AMD that PSP is going to be disabled when you tweak that knob in the UEFI.
I know about them and I too wanted to buy from them, but the price is too expensive also for me (not because I think it’s not worth it, but simply because I cannot afford it)
Addition to your list:
Well, RISC-V is still premature if you need to buy a PC right now. But I really hope it becomes a success story, and we all can have RISC-V workstations in a decade.