@Suiseiseki @dj @ryan @p @ins0mniak @lanodan

>installing GNUBoot
Then you are left with a CPU vulnerable to almost all sidechannel attacks which are a bigger threat than an IME backdoor. Literally the only way to not be vulnerable to known vulns and backdoors is to make the CPU yourself from public die designs. Only then you can be sure that nobody played with it. Or use TTL hardware from the 70's. It's too much cost for barely any benefit. Modern hardware for the past several decades is untrusted by default and nothing can make it trusted.

And before you go, I don't run untrusted code on my computers and block JS. What happens when there's a JS block bypass for your browser? GNUBoot won't save you from an exploitable CPU. But a browser with JS not even implemented might (links/lynx/...)