Lenovo T470s LibreBoot Security Hardened Laptop. i7 / 12Gb RAM / 256GB SSD
$500 posted or swap for gold / silver.
This laptop has been security hardened. The original BIOS has been replaced with a libreboot BIOS that has had the backdoors closed. It only runs Linux, not windows.
Also hyperthreading has been disabled due to its security risks.
Here is more info on The Intel Management Engine and why it a security risk:
The Intel Management Engine (ME) is a separate, hidden microprocessor embedded in all Intel chipsets since 2008. It runs an independent operating system (MINIX) with elevated "ring zero" privileges. Because it controls networking, power, and memory, and cannot be audited, critics—including the Electronic Frontier Foundation—consider it a massive security and privacy hazard.
The Intel Management Engine is Really Rather Scary
This closed source non-auditable subsystem can:
Access all areas of your computer's memory, without the CPU’s knowledge.
Access every peripheral attached to your computer.
Set up a TCP/IP server on your network interface that can send and receive traffic, regardless of whether the OS is running a firewall or not.
Run remotely even when your computer is turned off.
Enable a remote user to power on, power off, view information about, and otherwise manage your PC.
ME firmware versions 4.0 and later (Intel 4 Series and later chipsets) include a DRM application called "Protected Audio Video Path" (PAVP). This allows a remote user to access everything that is shown on your screen.
If your PC uses an Intel chip, then it does not matter which operating system you run. As Brian Benchoff notes in a Hackady blog post,
“Own the ME and you own the computer.”
Terrifying as this all is, it gets worse. The AMT application (see below) has known vulnerabilities, which have already been exploited to develop rootkits and keyloggers, and to covertly gain encrypted access to the management features of a PC. As Libreboot notes in its FAQ,
“In summary, the Intel Management Engine and its applications are a backdoor with total access to and control over the rest of the PC. The ME is a threat to freedom, security, and privacy, and the libreboot project strongly recommends avoiding it entirely.”
Until now, the only way to do this has been to avoid all generations of Intel hardware newer than ten years old! Unfortunately, opting to use a non-Intel processor does not get you very far…
Non-Intel Chips are Not Safe Either!
All post-2013 AMD chips contain a Platform Security Processor (PSP). Implementation of this is very different from that of Intel’s IME, but it does a very similar thing. It also comes with all of the same basic security and freedom issues as the IM.
Android and iOS devices, on the other hand, all ship with an integrated proprietary chip known as a baseband processor. It is well known in security circles that this can effectively act as a backdoor…
And The Windows Security Threat….
What Windows does…
Takes Screenshots Of Your Screen
A screenshot every few seconds. It stores them. Just sitting there. Researchers have shown ways to read every single one. They’ve already done it twice. Microsoft’s official response in April 2026: “not a vulnerability.”
Shows Ads In The Start Menu
Promoted apps, suggested content, nudges built from the data you agreed to provide in the fine print. On a machine you paid for.
Takes Your Files And Puts Them In The Cloud
OneDrive auto-uploads your Documents, Desktop, and Pictures the moment you sign in. The local folders become empty shortcuts. Microsoft asked. You said no. It happened anyway.
Forces A Microsoft Account To Use The Machine
Local accounts are increasingly blocked. The computer you bought needs you to sign in to use it.
$500 posted or swap for gold / silver.
This laptop has been security hardened. The original BIOS has been replaced with a libreboot BIOS that has had the backdoors closed. It only runs Linux, not windows.
Also hyperthreading has been disabled due to its security risks.
Here is more info on The Intel Management Engine and why it a security risk:
The Intel Management Engine (ME) is a separate, hidden microprocessor embedded in all Intel chipsets since 2008. It runs an independent operating system (MINIX) with elevated "ring zero" privileges. Because it controls networking, power, and memory, and cannot be audited, critics—including the Electronic Frontier Foundation—consider it a massive security and privacy hazard.
The Intel Management Engine is Really Rather Scary
This closed source non-auditable subsystem can:
Access all areas of your computer's memory, without the CPU’s knowledge.
Access every peripheral attached to your computer.
Set up a TCP/IP server on your network interface that can send and receive traffic, regardless of whether the OS is running a firewall or not.
Run remotely even when your computer is turned off.
Enable a remote user to power on, power off, view information about, and otherwise manage your PC.
ME firmware versions 4.0 and later (Intel 4 Series and later chipsets) include a DRM application called "Protected Audio Video Path" (PAVP). This allows a remote user to access everything that is shown on your screen.
If your PC uses an Intel chip, then it does not matter which operating system you run. As Brian Benchoff notes in a Hackady blog post,
“Own the ME and you own the computer.”
Terrifying as this all is, it gets worse. The AMT application (see below) has known vulnerabilities, which have already been exploited to develop rootkits and keyloggers, and to covertly gain encrypted access to the management features of a PC. As Libreboot notes in its FAQ,
“In summary, the Intel Management Engine and its applications are a backdoor with total access to and control over the rest of the PC. The ME is a threat to freedom, security, and privacy, and the libreboot project strongly recommends avoiding it entirely.”
Until now, the only way to do this has been to avoid all generations of Intel hardware newer than ten years old! Unfortunately, opting to use a non-Intel processor does not get you very far…
Non-Intel Chips are Not Safe Either!
All post-2013 AMD chips contain a Platform Security Processor (PSP). Implementation of this is very different from that of Intel’s IME, but it does a very similar thing. It also comes with all of the same basic security and freedom issues as the IM.
Android and iOS devices, on the other hand, all ship with an integrated proprietary chip known as a baseband processor. It is well known in security circles that this can effectively act as a backdoor…
And The Windows Security Threat….
What Windows does…
Takes Screenshots Of Your Screen
A screenshot every few seconds. It stores them. Just sitting there. Researchers have shown ways to read every single one. They’ve already done it twice. Microsoft’s official response in April 2026: “not a vulnerability.”
Shows Ads In The Start Menu
Promoted apps, suggested content, nudges built from the data you agreed to provide in the fine print. On a machine you paid for.
Takes Your Files And Puts Them In The Cloud
OneDrive auto-uploads your Documents, Desktop, and Pictures the moment you sign in. The local folders become empty shortcuts. Microsoft asked. You said no. It happened anyway.
Forces A Microsoft Account To Use The Machine
Local accounts are increasingly blocked. The computer you bought needs you to sign in to use it.