So in the wake of all the ME/PSP/TrustZone, UEFI/firmware exploits, pozzed OSs, Vault7 CIA stuff, etc., what would be the best realistic alternative or "solution" for the average tech person?
Here's my example (please criticize it and give better solutions)...
Hardware:
CPU: AMD FX 8370 (One of the last "modern" powerful CPUs that do not contain PSP. The resulting heat generated by this kind of CPU has to be tolerated anyways since this example needs to be able to support multiple VMs, gaming, etc.)
Motherboard: One of the lower-end mobos listed here asrock.com/Feature/3TB/index.asp that do not have UEFI, or at least do not mention it. I read from a thread that the M5A99X Evo 2 may have coreboot running on it, and provided this link: coreboot.org/pipermail/coreboot/2012-February/068459.html. But from what I read in that, it only mentions he got it halfway working? For a noob tech that's not a very helpful solution. It sure would be nice to see a fully coreboot-supported desktop AM3+ mobo, even if just one of the mobos, but I have not seen any such thing so far.
Rest of the hardware is whatever.
Operating System:
OpenBSD (or Gentoo if you can configure a non-systemd version of it.)
This way, on top of a hopefully secure OS running on non-pozzed hardware, you can run VMs with whatever OS you need its functions for. For example, for gaming, you can start up a virtual machine running Win7 with GPU card passthrough; or for private internet browsing, start up a virtual machine running Tails. This way, you can run whatever you want, on privacy- and security-friendly hardware and OS. inb4 Arch, Arch is pozzed with systemd.
P2P Chat Software:
Tox.chat (I've seen some anons criticize it, but they did not give any reason or evidence)
Browser:
Firefox or a fork (Pale Moon), with all the necessary configurations and addons: https://privacytoolsio.github.io/privacytools.io/
Tor Browser
VPN:
One that is not in the Five Eyes, and has strong encryption + no-log policies. Was going to link to thatoneprivacysite but it seems it got shut down. :(
Even if it's not truly secure, it's at least best-effort progress compared to the mainstream options, and cuts down on the attack surface area (getting rid of ME/PSP, UEFI, etc.). For the old ThinkPad people, old ThinkPad laptops are not realistic (from what I can see) for running multiple VMs, gaming, etc. while at the same time preserving some degree of control over privacy and security.
What do you think? Is it all truly vanity?