The reason we don’t recommend hardware is because it changes regularly.
We’re also not a hardware review site.
Rule of thumb though, would be to go with modern hardware, supporting modern security features, so looking at Windows 11 certification is a good start, even if you’re a Linux user. One of the requirements for that is TPM 2.0, which is starting to be of use with things like systemd-cryptenroll and potentially systemd-measure in the future. Windows 11 hardware certification also requires that vendors provide options for enrolling custom keys.
As far as firmware goes, you get what you pay for. My 2018 XPS still gets firmware updates in 2022. If you buy super budget hardware then there is the chance that vendors will stop supporting it sooner.