Hardware

If your hardware is compromised and has a backdoor then none of your protections in your OS will protect against it. This is very dangerous and is why it is very important to use open source hardware with privacy in mind. These are near impossible to get.

Modern Intel CPUs come with a thing called a Management Engine. This is mainly used for businesses but can be used to compromise your computer. The ME has full access to memory, the TCP/IP stack, can send and receive network packets, can activate your computer remotely and is signed with an RSA 2048 key that cannot be bruteforced. The ME is completely proprietary so nobody can audit it.

AMD CPUs come with their own equivalent called the PSP. Many people claim that this has full access to your computer but none of these claims have any evidence it back it up. AMD has repeatedly refused to open source the code. This could indicate some kind of backdoor they don't want us to see but there isn't any evidence for this.

These can be used as backdoors into your PC and nothing can stop it. This is why we must use secure hardware.

ME Cleaner

The ME Cleaner is a python script the removes unnecessary parts of the ME. You can get it here.

Coreboot

Coreboot is an open source UEFI/BIOS replacement. It only has a few proprietary blobs and these shouldn't be a problem.

Libreboot

Libreboot is a de-blobbed version of Coreboot so it removes all proprietary blobs. This makes it incompatible with newer computers and have a high risk of bricking your motherboard.

I do not recommend Libreboot as it does not allow microcode updates which are very important for security.

Libreboot logo

Talos II

Talos II is a series of workstation and server computers made by Raptor Engineering. It uses 100% FOSS boot firmware. You can find more info on their website or you can read the Libreboot article.

Raptor logo