Multi factor boot authentication, making use of the TPM chip (to whatever extent you might consider that worthwhile or otherwise), generation of a QR code and a mobile phone app for external (to your laptop/ computer) "verification" of bootup hash values, doing so all in free libre and open source software (of course), is now in sight: https://puri.sm/posts/category/firmware/ (7 year old lappy here, saving for a puri.sm) Ideally, we'd actually have our own seL4 or other small sized kernel inside the Intel ME, so we could make full use of it; beginnings: https://puri.sm/posts/reverse-engineering-the-intel-management-engine-romp-m... https://www.reddit.com/r/linux/comments/6b2xgu/reverseengineering_the_intel_... Next, we need a libre hardware/ auditable "free/libre" hardware/ chip for ethernet and/ or wireless, as that'd be my first port of call if I were with intent and dollar$ to undermine "generally available hardware" in such a way that my rogue infiltration packet opened a hardware backdoor (on generally available hardware).