Yes, USB Armories are nice. But they're like a dev board, not a laptop. What I think we need is for the Cypherpunk community to join the Open Compute Project and define the Stateless Laptop. A fat, modular laptop that lets you swap out the Intel/ARM dev board of the year, with a USB Armory or Arduino or other device to act as an IPMI BMC. Like the modularity of blades/racks, but at the laptop level, like old laptops had bays where you could put in an optical drive or battery or hard drive. Maybe multiple boards, like a cluster of RPi2s. OCP is for enterprises to build cheap enterprise hardware; there is no effort to build a privacy/secure citizen-focused device profile for OEMs to use.
The joy of ARM is avoiding all the usual platform UEFI, CHIPSEC, etc!
Except UEFI is an option for ARM as well. For AArch32, I presume it's used by APPL/MSFT/other vendors as a form of DRM to keep others from removing their OS choice from their HW. On AArch64, apparently it is there because server admins expect the UEFI pre-OS env for servers, and AArch64 wants to get into the server market. But unlike x86, UEFI is optional; U-Boot and coreboot are other options. Linaro offers both UEFI and U-Boot; their UEFI is a fork of Tianocore, with more ARM updates. I've not studied it closely, but I think there are multiple blob-free ARM UEFI implementations, at least on the Linaro dev boards supported, and you can update the firmware on most dev boards. Linaro is porting CHIPSEC to ARM (AArch64), as part of their port of LUV (Linux UEFI Validation). CHIPSEC and BITS are not ported yet. https://wiki.linaro.org/LEG/Engineering/luvOS There is a lot of ARM/UEFI development going on in Linux and even FreeBSD; UEFI is not Intel-centric. I used to think that U-Boot was ARM-centric, but it also has Intel support now. So coreboot, U-Boot, and UEFI are all options for both Intel and ARM. Last week at the RISC-V workshop, I heard that someone has already ported (or is porting) UEFI to RISC-V. Personally, I like CHIPSEC. It is a firmware vulnerability tool. Without this tool, it'd be a lot harder to determine the security profile of a device. I wish it was available on other chips (and had chip-centric security tests so it was useful). I wish CHIPSEC was available for coreboot and U-Boot, not just BIOS and UEFI.