@Confused , @renehoj , @scallyob , @Litter_Box , @catacombs , @oxpoz , @fsflover , @pirron , @Insurgo and @Raphael_Balthazar :
If to choose between KCMA-D8 and KGPE-D16 - KGPE-D16 appears to have a better quality of a coreboot source code; also, my 3mdeb company has done the additional efforts of supporting this board after it has been removed from coreboot - please see Dasharo coreboot firmware distribution for KGPE-D16 , it should provide a better user experience than a regular coreboot 4.11
An unobvious problem with both of these boards, is that - despite their undeniably high performance among the no-Intel-ME/no-AMD-PSP boards - their AMD platform architecture is older and the original AGESA firmware code was of a worse quality than i.e. for fam15h/fam16h. You see the evidence of this by the existence of RAM Hardware Compatibility List for these server boards (while you can throw any RAM into fam15h/fam16h coreboot AMD-no-PSP) and that they have been dropped from coreboot much earlier.
So, for a server-level features (performance, RAM volume, peripherals, etc.) - KGPE-D16 with Dasharo firmware seems preferable, but if you need a regular no-Intel-ME+no-AMD-PSP computer with a more refined firmware quality - I really recommend these 3 boards that I am maintaining:
- Lenovo G505S laptop with A10-5750M (preferably a discrete GPU version because of two heatpipes - has either HD-8570M or R5-M230 dGPU, R5-M230 is slightly better)
- ASUS A88XM-E desktop with A10-6700/A10-6800K and also RX590 GPU (the latest GPU without PSP, i.e. 11289-07-20G SKU)
- ASUS AM1I-A micro-desktop with Athlon 5370/5350 (has more connectivity - i.e. LPT port - but unlike G505S/A88XM-E, this AM1I-A has no working IOMMU, so not for Qubes but good for other tasks)
All the corebooting information about these boards above - could be found on DangerousPrototypes website - Lenovo G505S hacking - DP (a primary page which despite its name actually suits all 3 boards, since their coreboot is so similar and there is just a small difference in building/flashing).
These G505S/A88XM-E/AM1I-A boards have a similar level of freedom: no AMD PSP, have a few remaining binary blobs but - with the exception of an optional XHCI USB 3.0 blob (without it all USB ports are 2.0) - these few blobs have been researched relatively well during the reverse engineering attempts (i.e. such projects as OpenAtom for the opensource replacement of GPU’s AtomBIOS blob) and no backdoors found.
So: for a Qubes desktop, I’d recommend A88XM-E with A10-6700/A10-6800K (A10-6700 is a few % slower but is 1.5x times cooler) that is maxed out with RX590 and 16GB by 2 of fast 1866MHz CL9 RAM (such as BLT8G3D1869DT1TX0) 8GB sticks. Please note that, despite a socket of A88XM-E is FM2+, you can only put A10-6*** there for coreboot usage; A10-7*** won’t work because AMD started blobbing AGESA around this time, preparing for the introduction of PSP crap, meanwhile there is a 100% opensource AGESA for A10-6*** and full coreboot compatibility.
Unfortunately, RAM with higher density - 16 GB sticks - are rare/expensive and also slower, so - if you really need more than 16GB of RAM (16GB is enough for Qubes last time I tested), it makes more sense to go for F2A85-M desktop: although its onboard chipset is slightly older than A88XM-E, it has 4 RAM slots; but there are too many hardware versions of F2A85-M (LE, Pro, etc.) which brings some confusion, so for me it was easier to just buy A88XM-E which just two versions: a regular one (coreboot-supported), and USB 3.1 (not supported). As for F2A85-M, I don’t maintain it, but its source code is quite similar to A88XM-E and therefore I expect it to work too.
For those not afraid of some coreboot porting experience, I would recommend getting A88XM-A - or, even better, A88XM-PLUS - and try to port A88XM-E coreboot source code there: they have 4 RAM slots and more connectivity.
These AMD-no-PSP boards - if maxed out - are more than enough even for the modern tasks. And, although personally I am using Artix Linux at the moment (Arch without SystemD), I know that both G505S and A88XM-E could run Qubes fine - thanks to a working IOMMU. The only more powerful no-ME/no-PSP option - is a Raptor Computing Systems - Talos II Secure Workstation and perhaps would be the upcoming GNU/Linux Open Hardware PowerPC notebook (haven’t checked it vs A10-5750M of G505S), although there is no Qubes version for anything else than x86_64
If you have any extra questions about any of these boards, feel free to ask them below and I will try my best to help you. Also, to learn more about the opensource firmware/hardware in general, I’d suggest going to our vPub online parties like this (no mic/webcam required, text chat is also available) . I really suggest subscribing to our tiny-volume event notification newsletter (no spam, just ~4 e-mails per year) because my manual invitation may not reach you in time