GM45 (x200) and earlier CPU chipsets(t60) are not providing security features needed for QubesOS virtualization(vt-x) nor isolation (vt-d second version).
I wrote a note here, which led to Sandy/Ivy bridge testing and my participation to Heads development after that moment: Research support for libreboot/coreboot-based systems · Issue #1594 · QubesOS/qubes-issues · GitHub
Talos II is getting ported to coreboot by 3mdeb now under my sponsorship. No, there is no libreboot as of now on that platfrom, where that might change, since libreboot is basically a coreboot distribution without blobs. There would be no philosophical issue nor anything preventing libreboot to support that platform once it is merged under coreboot. Coreboot replaces Hostboot, where petitboot can be replaced by Heads. One TPM support lands into coreboot (Talos II doesn’t have a functional physical TPM implementation) thrn Heads will be useable on that platform.
There is no Xen support of Power architecture as of now, where the work as started from Timothy Pearson (RaptorEngineering) under bounty payment from the community enthusiasts. More funding will be needed to reach a point where Xen will be stable enough to be included into Qubes, and will require Qubes to package dom0 software and templates to support PPC64LE and create a new ISO as the final testable deliverable.
Once ISO is released, end users will be able to have Qubes over Talos/Blackbird, with or without coreboot+Heads.
Until then, nothing freer then Ivy bridge/Sandy bridge with coreboot native initializing graphics, ram and platform is currently acceasible, with ME being neutered. But then again, EC controller is still closed source there. And as noted in other threads here, those Ivy/Sandy are not receiving any more support from Intel nor Lenovo, which means no more EC firmware updates nor microcode updates.
Newer platforms are of course existing, but those, even running coreboot, will come with FSP/Agesa and at best a deactivated ME/equivalent to come with microcode updates.
With the Meltdown/Spectre fiasco, Power was also vulnerable. Since they do not have this concept of microcode updates, CPU consumers had to chamge their CPUs to newer version. Of course trust is needed on those. But again, with enough money here, nothing stops anyone to replace IBM in that chain to produce a drop in replacement for those CPU, the ISA being completely open with documentation not needing NDA to be read.
Hope this shed some lights on the state of users controllable, ownable platforms and the security challenges we are facing today to have better tomorrows on those levels.