I dont understand what you are now confused about. It would be helpful if
you were to be clear about this rather than scatter gun approach and
confusing other readers.
On your original question, “Still very very confused what “reasonably
secure” means?”, Zrubi answered this: it is a perfectly normal use
of the word “reasonably”.
I never presume to speak for the Qubes team.
When I comment in the Forum I speak for myself.
Sorry.
It would be helpful if you addressed the questions in the original post (OP).
This is the General Discussion part of the forum no?
Apologies if you think this is “scatter gun approach”. How would you want these questions asked?
Please feel free to turn this question into multitudes of individual General Discussion questions if you want. 
You are right Zrubi best answered with
…
…
Here might be room for General Discussion
Appreciate you and Zrubi’s thoughts and input . Maybe misunderstand what the General Discussion area is for.
Thank you for contribs and input.
That is fine.
You wrote:
One potential, partial answer being:
The terminology I refer to - hardware - computer are those described on the website Dangerous Prototypes, relating to the more narrow question of - Is there a computer hardware that has neither InteL ME, (That is the feature of the Intel Management Engine which Intel can turn on (my personal Computer) surreptitiously (without my knowledge)
(Yes, there are a lot of posts on either buying a computer from someplace with that portion of IME turned off, neutered. and a huge post on IME. Sorry, to repeat any IME stuff here, explanation here seemed needed. Post points about IME on that long post. Not here.
Or AMD processor spyware PSP for which (I do not know what it does) but is surreptitious.
These two pieces of hardware I mentioned are so old they did not come with the surreptitious bits of firmware that ever had IME, or AMD-PSP.
Think slow 2013 computer. Slow computer hardware.
and to work, additional requires a hardware Flash of ROM. To give credit where it is due. Mike Bannon. Who wrote the firmware and pioneered the techniques required.
Again, I refer you to the documentation on this process on the Dangerous Prototypes website for these two PC’s I would rather not post links, because you guys are smart enough not to use them, but search the topic “dangerous prototypes” on your own. "dangerous prototypes does not have a valid web certificate, and browsers hiccup at that.
Your point, “supply chain compromised hardware” Oh hum. Since huge amounts of our computer and computer parts come from China, or which might be substituted, say after it enters our local country (for me the US). Well. Good point. Then again my buying a 2013 computer off a dusty shelf somewhere, How likely is it that my countries local version of NSA going to substitute something for that?
Before I received on of my computers, I asked the forum if there was any way to read the firmware, which includes portions I can not change, and verify if it had been tampered with. I was told there was not a way to do that.
There are portions of the firmware which can be updated. Someone was stated that some parts of the firmware were secured in place by “fuses” in the MOBO which the manufacturer, after installing some parts of the firmware. blew open to prevent tampering. If that is wrong. well, please let us know.
If one reads through some security related websites, some suggesting some encryption software also say things like-- Like this is “unbreakable” those knowledgeable with encryption say --“never believe” or trust anyone who says that.
Hence the term --reasonably secure operating system.
Your statement that “Qubes OS A reasonably Secure Operating System is accurate”.
If I am inaccurate in anything I say here. please correct me. I fully admit to not knowing as much as many others here. but parrot and pretend.
I strayed slightly away from the original post, to answer that question.
Appreciate your response. Thanks!
@Confused and @catacombs :
ASUS AM1I-A and ASUS A88XM-E
Much much appreciate @mike_banon 's work but do not these boards suffer the same probs as Asus KCMA-D8 and KGPE-D16?
Thank you for your kind words! 
A88XM-E & AM1I-A desktop boards + a G505S laptop - while being less powerful than i.e. KGPE-D16 - are based on a newer AMD platform (still without a PSP “backdoor”), and as result they enjoy a newer version of low-level AGESA library (provided by AMD long time ago and subsequently improved by the community) and a more refined coreboot BIOS source code
However (while not sure about KCMA-D8) - I don’t want to discourage anyone from getting a KGPE-D16, especially since this week I finally ordered a pair of used KGPE-D16 boards & hardware parts for them 
And - while being a bit late to a club of humble KGPE-D16 enthusiasts! - considering a lack of privacy respecting alternatives of the same security / firmware freedom level (aside of Talos II workstation which is a different “game”) - I’m very serious about this platform 
Plenty of earlier problems have been resolved by the opensource community members who have put a LOT of efforts into KGPE-D16:
So, while you may choose the newer coreboot-supported AMD-no-PSP boards for their higher “user friendliness” - feel free to dive into KGPE-D16 if you need something more powerful, with a huge RAM for ramdisks and other things, and enjoy this enterprise server hardware (i.e. these top Opterons costed like ~$1k per CPU in the past) and software freedom at the same time - but please be prepared that:
With KGPE-D16 you must follow this RAM compatibility list and choose either HMT42GR7AFR4A-PB or M393B2G70QH0-YK0 model of 16 GB RAM based on your local availability (they are dirt cheap nowadays - i.e. 256GB Samsung 16x 16GB 2Rx4 PC3L-12800R DDR3 RAM M393B2G70QH0-YK0 | eBay , a full 256GB set of compatible RAM, $130 for 16 modules - but not all the sellers mention the server RAM’s full model at the product description, making the things more tricky) - and then hunt for 16 same modules in order to achieve 256 GB RAM on your platform, for ramdisk or other purposes; with the “wrong” modules you may hit 192 GB ceiling / encounter other problems and become disappointed
The availability of server parts like a spare KGPE-D16 board, top Opteron CPUs (either 6386 SE at 140W , or 6380 which is slightly slower but is more obtainable and less hot at 115W) to squeeze the max possible performance out of this platform, and most importantly a good enough cooler for G34 socket (unless you’re ready to DIY mod an incompatible one) - like those elusive Noctua’s ! - is expectedly lower, the overall price will be higher and you’ll have to hunt for these parts. Even finding a new modern workstation case with SSI EEB motherboard support out-of-the-box (although E-ATX cases can also be modded) and 5.25" slots (that can be used for many awesome things other than DVD/BluRay drives, i.e. see my ProTip: buy a 5.25" fan controller while you still can" post) alone was a daunting task - luckily I stumbled upon Phanteks Enthoo Pro (yes, the 1st version - since “Pro 2” doesn’t have my beloved 5.25") - there are Tempered Glass / Closed Panel editions…
If you’d like to discuss these coreboot-supported AMD platforms in a live chat format, we can do that during our upcoming vPub’s free-for-all section if you would like - see Opensource firm/hard-ware online party "vPub" - this Thursday! (20th March) post for its schedule and join links
if anyone reads this in the future wanting to do a KGPE-D16 build 15h.org maintains a list of G34 coolers Coolers - 15h.org and a ram HCL list under KGPE-D16 - 15h.org
looking at the 15h.org build showcase you can see what cases others have used but its planned to create a dedicated case list similar to the coolers in the future