While I do not dispute what you say, I would caution against thinking this has anything special to do with China or its ruling party. The same logic applies to Intel, AMD, Google, Microsoft, and many others, all of whom are U.S. or U.S.-based companies with long histories of collaborating with the United States government, sometimes willingly. They also all reside within the NSA’s backyard, for whom we do not really have a threat model because “they are somewhere between a usual state level attacker and Cthulhu”. Perhaps China’s 3PLA/4PLA is at a similar adversarial level, but the NSA likely remains chief among them in the pantheon.
I agree that Lenovo has a problematic history and its relationship with China is worrisome, though this should not be any different from a U.S. company unless your threat model for some reason includes the Chinese government and its APTs but not the U.S. or its—in which case, you are probably the U.S. government.
Currently, it is primarily the U.S. government that has prohibited Lenovo from use among its operatives for nationalistic reasons. If you agree with that assessment and include Chinese companies in your threat model, despite the lack of evidence that Lenovo has been used as a hardware attack vector outside of U.S. agencies (assuming even that is true), then you probably should view U.S. companies with similar concern. And when it comes to an eldritch abomination like the NSA, not even the anti-tampering and anti-interdiction services of NitroPad and Purism may be enough.
Regards,
John
P.S. To clarify, I am not saying to trust Lenovo; I am only saying to distrust it as much as you distrust any hardware tied to the U.S. and feasibly within its government’s reach. The current state of hardware trust and security is deeply depressing and unlikely to improve in any large amount (unless you count Google’s open hardware ventures to be an improvement), and this is only compounded by the adversarial nature of nearly all corporations and nation-states.