Also see specific post I wrote in Linux Laptops? System76? Other options? - #9 by dngray.
Unfortunately it is a bit of a case of “you get what you pay for”.
- Libre/firmware don’t tend to do anything particularly for security or privacy.
- Secured core, and vPro supporting chipsets are aimed at business grade laptops and have stronger compliance obligations
- Without firmware updates you can’t expect known vulnerabilities to be fixed.
While we’re not recommending specific models, the aim of Add hardware section by dngray · Pull Request #2268 · privacyguides/privacyguides.org · GitHub will be to discuss some of the things you should be looking for.