I would also recommend Framework. Their firmware release cadence has improved a lot (source), plus you can always replace parts with permanent hardware issues (like AMD zen series processor vulnerabilities). Additionally, Linux is a first class citizen in their universe, and Atomic distros like Bluefin are very well supported out of the box (with working fingerprint readers, secure boot, camera, etc.)
3 Likes
I agree that the Framework is pretty good: linux support, repairability, bios security (HSI-3). It was downright refreshing opening up a laptop that respects my desire to do so.
But there’s one big downside I’ve found: it’s flimsy. The Framework 13 at least (haven’t tried the 16). The case is so thin it feels like you could snap it in half with your hands if you tried. It’s very light, which is nice, but the flimsiness has become an issue for me. I’ve had 2 keyboards fail on me. Granted, I put above average wear on them, being a heavy typer and rearranging some keycaps. But all of my key failures have occurred near the bottom edges (right and left) of the keyboard, and other users have reported similar issues. My case overall has warped a bit, and that may be a contributing factor.
It’s good these parts can be replaced, but if they need to be replaced over and over, the financial and environmental benefits of repairability become dubious.
2 Likes
Yup, have heard similar complaints (although my unit seems fine, but I do use an external keyboard mostly). I think these are teething problems with QA for a company that is still struggling with mass production (although the scale of failure is larger than what I would want). Newer Framework 13 amd seem to be better in quality for me.
Just trying to get some actionable consensus here: so if security is one’s primary concern when trying to find the best hardware to run Linux, go with Dell?
Dell is probably the least scummiest of the bigger reliable tech hardware manufacturers.
1 Like
Specifically Dell’s professional lines: Latitude or Precision. XPS is decent, too. Don’t expect a cheap Inspiron to have the security features you want.
And Framework is a decent option as well.
2 Likes
@HauntSanctuary Thanks – that’s definitely good to know.
When comparing Dell to System 76 or Framework, which of the three is better from a security standpoint?
@dumpster what makes Latitude/Precision better than XPS? And if you had to pick one (ignoring price, focusing on security), how would you choose between Framework/System76 and those Dells?
Not sure I can draw this line that clear with my current understand about the laptop market.
I don’t see HP and Lenovo that behind from Dell in security aspects with certain offerings.
My recommendation is buy a framework if they exist in your region and/or you can afford it. Small product line means better support, nowadays they have decent firmware updates, and they won’t abandon support for your system suddenly. (HSI 3)
Second best would be buying a dell since they have great linux support, deliver firmware on time, and less likely to abandon updates for latitude and other enterprise laptops. (Can go upto highest HSI levels)
I would stay away from Lenovo, their linux compatibility has suffered and their firmware releases are also a bit of a mess.
Similarly I would stay away from System76, and any other rebrand of Clevo Laptops, since their security is miserable (often HSI 0)
A big factor should be your budget and threat model. Dell laptops with very high security (secured core, memory encryption) are absurdly priced, and you can get way better specs in similar price from framework. Find the balance that wirks for you.
If budget no constraint, I’d buy the highest spec dell vpro line laptop, and set myself up as its admin using their free management software. This would allow me to do out of band uodates, remote management, etc on my machine. You’d be able to operate it even if the OS burns down/ becomes unbootable/ is corrupted.
5 Likes
I appreciate your reply!
This is a great point to mention and to be honest, it should be included as a “universal recommendation” in this community.
Buying premium hardware from any company should be a must to get the best security/privacy!
It’s hard when nobody is posting links to specific products.
I did a lot of searching and could someone please tell me if this is something that would be a good choice?
EDIT:
I’m NOT affiliated with Dell in any way. From my research this seems to be the best unit without spending too much.
For this kind of money I feel like a Framework 16 has more appealing specs.
1 Like
Yeah, for like 99.99% of people, the upgradability and repairability of Framework laptops make a lot more sense than the marginal security gains that come with other, more secure laptops.
3 Likes
Unfortunately, I’m on those 0.01%. It has been more than a year that Framework is on the talks to add support for Oculink in their 16" laptop option and personally I sent two emails to them more than 2 years ago asking for this feature. In the mean time since April this year we are able to get a Lenovo Thinkbook 14 and 16 with the Oculink port hotplug.
If some day Framework add the Oculink support for the 13" option I maybe consider getting it but until there I’ll reside in the 0.01%.
1 Like
I appreciate your replies!
Wow, this is the first time I’m looking at Framework and they look amazing 
Is this site you both are referring to?
But how are they more secure/more trustworthy and care more about personal user data than the Dell Precision Laptop I recommended or other companies like Acer, Asus etc?
their firmware updates (now) don’t suck, they don’t have OEM crapware pre-installed like acer/asus/etc, and they focus on openness. which are all relevant to “caring about user privacy” pretty directly lol
3 Likes
I appreciate your reply!
I’m just amazed that this is the first time I’m coming across this!
Is there an equivalent company that sells desktop towers? Or is the safest way to go to just buy each individual component separately and build it myself?
I looked on Framework and they don’t mention any desktops.
Safe is a spectrum 
unless you are worried about supply chain attacks or people putting nefarious hardware in your system, prebuilt is OK. My only security recommendation would be to reinstall your OS in the slim chance vendor put malware (not as likely) or just poor telemetry defaults and dumb default programs (more likely) into the base install.
You could also flash the latest BIOS / UEFI firmware while you are at it if you can - my motherboard supports USB bios updates as I suspect most mobos do. Firmware level attacks are probably more sophisticated and less of an issue, but updating them on a fresh install is about the best time to do so imo, as it’s a PITA sometimes to do it afterwords (your mileage may vary). Windows can update the BIOS for you as well if you install Windows.
3 Likes
For additional context, the reason Framework is a great laptop is that is has a focus on repairable hardware. As per the Wikipedia:
The company positions itself as a proponent of the right to repair movement, and their laptops are designed to be easy to disassemble, with replaceable parts
Desktop towers are typically something you can already do this with. Prebuilts and DIY are already repairable by yourself for the most part. The exception might be some more niche areas (iMac probably isn’t easily repairable).
5 Likes