SilverLABS/SilverMetal
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
main
SilverMetal/docs/hardware-skus.md
SysAdmin 810301908d docs(hardware): capture Coreboot SKU shortlist for Phase 1.13 hardware pilot 
Three viable vendors today for a UK-based hardened-laptop reseller program:
Star Labs (UK), NovaCustom (NL), System76 (US). Recommended 3-SKU lineup:

- Tier 1 / Lite: Star Labs StarBook Horizon (Alder Lake-N, ME disabled,
  ~£1,140) — UK domestic, no Heads option
- Tier 2 / Pro: NovaCustom V54 (Meteor Lake, Dasharo + factory Heads,
  ~£1,210) — flagship; B2B reseller programme + custom engraving
- Tier 3 / Workstation: NovaCustom V56 (Meteor Lake + optional dGPU,
  ~£1,250+) — Qubes-certified, dual NVMe, 96 GB RAM ceiling

Key findings:
- Framework not yet shipping factory Coreboot for non-Chromebook (AMD
  openSIL port still in development per Phoronix Mar 2026); revisit Q4 2026
- Purism Librem 14 ruled out — old CPU, supply unreliable
- AMD PSP cannot be cleanly disabled in shipping firmware in 2026 — Intel
  with neutered ME wins for the hardened tier; revisit when Star Labs
  StarFighter AMD or Framework AMD Coreboot ports stabilise (~2027)
- NovaCustom is the strongest single partner: Clevo B2B reseller
  programme, factory-flashed Heads option, free UPS to UK, custom-logo
  engraving available

Operational cautions documented: Meteor Lake S0ix suspend caveat with ME
disabled (default to hibernate-only), EC firmware not 100% open anywhere
(don't market as "fully libre"), Dasharo firmware ships quarterly so
re-verify before each procurement batch.

Snapshot dated 2026-04-25; all source URLs cited for human verification.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-25 03:41:49 +01:00

129 lines
10 KiB
Markdown
Raw Permalink Blame History

This file contains ambiguous Unicode characters
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
# Hardware SKU Recommendations — Coreboot Laptops
> **Snapshot date**: 2026-04-25. Coreboot/Dasharo firmware ships quarterly; vendor stock and policy change. **Re-verify before each procurement batch.**
This document captures the SilverMetal Linux hardware-bundle SKU shortlist for the Phase 1.13 pilot batch (10 preflashed Coreboot-supported laptops) and the recurring SilverMetal hardware product line.
## Conclusions
For a UK-based reseller program shipping a hardened Debian/Kicksecure variant in 2026:
- **Three viable vendors today**: Star Labs (UK), NovaCustom (NL), System76 (US)
- **Framework is not yet shipping factory Coreboot** for non-Chromebook models — AMD openSIL port for Framework 16 is in active development as of Q1 2026 but not shippable. Re-evaluate Q4 2026
- **Purism Librem 14 ruled out** — Comet Lake CPU is 5+ years old in 2026, supply unreliable, vendor financial stability questioned. Could remain a special-order "maximum-libre" option for specific customer requests
- **Intel + neutered ME beats AMD** for the hardened tier today — AMD PSP cannot be cleanly disabled in shipping firmware. Re-evaluate when Star Labs StarFighter AMD or Framework AMD Coreboot ports stabilise (~2027)
- **NovaCustom is the strongest partner overall** — explicit Clevo B2B reseller program, factory-flashed Heads option, UPS to UK without import friction, custom-logo engraving and blank-keyboard options
## Recommended 3-SKU Lineup
### Tier 1 — SilverMetal Lite (Budget)
**Star Labs StarBook Horizon 13.4"** — ~£1,140
- Intel Alder Lake-N i3-N305 (8C/8T, 7W TDP — fanless-class)
- 32 GB LPDDR5 (soldered), 1× M.2 NVMe up to 2TB
- 13.4" 2520×1680 90Hz 3:2 display
- Factory Star Labs Coreboot, **Intel ME disabled (HAP)**, partly-open EC firmware
- TPM 2.0 (dTPM/PTT)
- UK company → same-day domestic shipping, no customs friction
- **No Heads option** — must implement Secure Boot + measured-boot without Heads tamper-evidence (sign our own keys; enrol PK/KEK/db; bind LUKS to PCR 0/2/7)
**Position as**: "travel / secondary device / journalist road-warrior" SKU.
### Tier 2 — SilverMetal Pro (Mainstream)
**NovaCustom V54 14"** with Dasharo coreboot+Heads — ~€1,420 / ~£1,210
- Intel Core Ultra 5/7 125H/155H (Meteor Lake)
- Up to 96 GB DDR5 SODIMM, 2× M.2 PCIe 4.0 NVMe up to 4TB each
- 14" 1920×1200 or 2880×1800 16:10
- Factory Dasharo Coreboot, **factory-flashed Heads option** (we don't have to flash Heads ourselves)
- Dasharo fork of System76 open EC firmware
- ME optional disable in BIOS (HAP) — *with documented S0ix/suspend caveat*
- Hardware TPM 2.0 — works with our Secure Boot + LUKS PCR-bind plan
- NovaCustom Clevo B2B reseller program: custom-logo engraving, blank-keyboard option
- Free UPS shipping to UK
**This is the flagship SKU.**
### Tier 3 — SilverMetal Workstation (Premium)
**NovaCustom V56 16"** with optional RTX 4060/4070 dGPU — ~€1,460+ / ~£1,250+
- Same firmware story as V54 (Dasharo + factory-flashed Heads)
- Intel Core Ultra 7 155H + optional discrete GPU
- 16" display, dual NVMe + 96 GB RAM ceiling
- Qubes-certified — useful narrative for power users / journalists
- Optional dGPU opens a "local-LLM workstation" angle (relevant to SilverLABS self-hosted-AI positioning)
- Default config should be **iGPU-only** for maximum-libre buyer; offer dGPU as explicit upgrade with disclosure (proprietary GPU firmware in trust story)
## Comparison Matrix
| Criterion | Star Labs Horizon | NovaCustom V54 | NovaCustom V56 | System76 Lemur Pro | Purism Librem 14 |
|---|---|---|---|---|---|
| **Coreboot** | Factory (Star Labs distro) | Factory (Dasharo) | Factory (Dasharo) | Factory (firmware-open) | Factory (PureBoot) |
| **Heads option** | No (EDK2 only) | **Yes — factory-flashed** | **Yes — factory-flashed** | No | Yes (PureBoot = Heads) |
| **EC firmware** | Partly open | Open (Dasharo fork of S76 EC) | Open (same) | Open (System76 EC) | Proprietary blob |
| **Intel ME** | Disabled (HAP) | Optional disable (HAP, S0ix caveat) | Same as V54 | Disabled (RPL+ confirmed; MTL inherits) | Disabled + neutered (HAP + me_cleaner) |
| **CPU** | Alder Lake-N i3-N305 (7W) | Core Ultra 125H/155H (Meteor Lake) | Core Ultra 155H + opt. RTX dGPU | Core Ultra 125U/155U | i7-10710U (Comet Lake, 2020) |
| **RAM** | 32 GB LPDDR5 (soldered) | 96 GB DDR5 SODIMM | 96 GB DDR5 SODIMM | 56 GB DDR5 | 64 GB DDR4 |
| **Storage** | 1× NVMe (≤2TB) | 2× NVMe PCIe 4.0 (≤4TB each) | 2× NVMe PCIe 4.0 | 1× NVMe (≤8TB) | 2× NVMe |
| **Display** | 13.4" 2520×1680 90Hz 3:2 | 14" up to 2880×1800 16:10 | 16" up to 2880×1800 16:10 | 14" 1920×1200 16:10 | 14" 1920×1080 |
| **TPM 2.0** | Yes (dTPM/PTT) | Yes (Intel PTT/fTPM + hw TPM available) | Yes | Yes (PTT/fTPM) | Yes (dTPM) |
| **Approx price** | £1,140 / $1,058 | €1,420 / ~£1,210 | €1,460+ / ~£1,250+ | $1,399+ / ~£1,200 + VAT | $1,399+ but supply poor |
| **UK shipping** | UK domestic | Free UPS, no import friction | Free UPS, no import friction | US → UK + ~20% VAT/duty | US → UK, slow |
| **B2B / reseller program** | Contact sales (no published) | **Yes — Clevo reseller; logo engraving; blank keyboards** | Same (V54/V56 share programme) | "No local resellers" (per S76) | None published |
| **Custom OS preinstall** | Yes | Yes (Qubes preinstall offered, BYO-distro normal) | Yes | Yes | Yes |
| **Currently shipping** | Yes (announced 2026-01-06) | Yes | Yes | Yes (Meteor Lake refresh) | Yes but constrained |
## Vendors Considered and Ruled Out
- **Framework 13 / 16** — AMD openSIL Coreboot port still in development as of March 2026 (per Phoronix, 9elements). Re-evaluate Q4 2026
- **Purism Librem 14** — old CPU, supply unreliable; keep as niche maximum-libre special-order
- **Tuxedo** — Coreboot effort started, stalled; not factory-shipping in 2026
- **MNT Reform** — ARM, niche, unsuitable for mainstream Linux laptop program
- **ThinkPad enthusiast targets (X230, T440p, T480, etc.)** — cannot be sourced reliably at scale; no warranty path; EOL CPUs lack AES-NI/AVX features needed for full-disk-encryption performance
## AMD vs. Intel for the Hardened Tier (2026)
**Intel with neutered ME wins** — for now. Reasons:
1. AMD PSP cannot be cleanly disabled in shipping firmware. No `me_cleaner`/HAP-bit equivalent exists for AMD
2. Coreboot + openSIL on AMD is a research effort, not production
3. Every shipping factory-Coreboot laptop with a credible ME-disable story today is Intel
Re-evaluate when Star Labs StarFighter AMD or Framework AMD Coreboot ports stabilise (likely 2027).
## Operational Cautions
1. **Meteor Lake suspend with ME disabled**: NovaCustom explicitly notes S3/S0ix suspend limitations when ME is disabled. **Test on our Kicksecure base.** Default our SilverMetal image to **hibernate-only** for the privacy SKU and document the trade-off in customer materials
2. **EC firmware is not 100% open anywhere**: All recommended SKUs have either a partly-open or System76-derived EC. **Don't market "fully libre"** — market "hardened, transparent, ME-neutralised"
3. **Heads + LUKS PCR-bind**: Works on NovaCustom V54/V56 with the factory Heads option. Star Labs Horizon does *not* offer Heads — Tier 1 needs Secure Boot + measured-boot without Heads tamper-evidence (our own keys + PCR 0/2/7 binding)
4. **NovaCustom = Clevo reseller**: They sell Clevo chassis with Dasharo flashed on top. **Long-term firmware support depends on Dasharo continuing to fund the variant.** Check Dasharo release notes for V54/V56 quarterly to track active maintenance
5. **UK import for System76/Purism (if ever needed as fallback)**: Expect ~20% VAT + handling on top of headline USD price. NovaCustom and Star Labs avoid this
6. **Custom branding**: NovaCustom advertises laser-engraving the lid and blank-keyboard customisation — we can ship a literal "SilverMetal" engraved chassis without OEM negotiations. Star Labs has no equivalent published programme — engraving would be in-house
7. **Verify before each batch**: Re-fetch NovaCustom V54/V56 BIOS-disable-ME documentation and Dasharo Heads release notes immediately before each procurement order — Dasharo firmware versions change quarterly
## Sources
- [NovaCustom V54 Series](https://novacustom.com/product/v54-series/)
- [NovaCustom V56 Series](https://novacustom.com/product/v56-series/)
- [NovaCustom Dasharo coreboot overview](https://novacustom.com/dasharo-coreboot/)
- [NovaCustom Clevo reseller / B2B page](https://novacustom.com/clevo-reseller-europe/)
- [NovaCustom custom logo / engraving](https://novacustom.com/laptop-with-custom-logo/)
- [Qubes OS — NovaCustom V54/V56 with Heads (May 2025)](https://www.qubes-os.org/news/2025/05/20/qubes-certified-novacustom-v54-v56-now-available-with-heads/)
- [Dasharo Universe — NovaCustom overview](https://docs.dasharo.com/unified/novacustom/overview/)
- [Dasharo Universe — V560TU release notes](https://docs.dasharo.com/variants/novacustom_v560tu/releases/)
- [Phoronix — NovaCustom V54/V56 announcement](https://www.phoronix.com/news/NovaCustom-V54-V56-Laptops)
- [Star Labs StarBook Horizon (UK / GBP)](https://starlabs.systems/pages/starbook-horizon)
- [Star Labs StarBook Horizon specifications](https://us.starlabs.systems/pages/starbook-horizon-specification)
- [9to5Linux — StarBook Horizon launch (Jan 2026)](https://9to5linux.com/starbook-horizon-linux-laptop-now-on-sale-with-32gb-ram-wi-fi-6e-and-coreboot)
- [System76 Lemur Pro](https://system76.com/laptops/lemur-pro)
- [System76 Open Firmware models](https://support.system76.com/articles/open-firmware-systems/)
- [Phoronix — System76 disabling Intel ME on Raptor Lake](https://www.phoronix.com/news/System76-Disable-ME-RPL)
- [Phoronix — Framework 16 Coreboot + AMD openSIL port (Mar 2026)](https://www.phoronix.com/news/Framework-16-Coreboot-openSIL)
- [Framework community thread — Coreboot status](https://community.frame.work/t/responded-coreboot-on-the-framework-laptop/791/540)
- [Purism Librem 14](https://puri.sm/products/librem-14/)
- [Purism — Deep dive into Intel ME disablement (HAP)](https://puri.sm/posts/deep-dive-into-intel-me-disablement/)
- [Nitrokey Heads release v2.6.1 (V54/V56/NV41)](https://github.com/Nitrokey/heads/releases/tag/v2.6.1)
- [TUXEDO — Coreboot status FAQ](https://www.tuxedocomputers.com/en/Infos/Help-Support/Frequently-asked-questions/Coreboot-on-TUXEDO-Computers-devices.tuxedo)
- [coreboot.org distributions list](https://doc.coreboot.org/distributions.html)
- [me_cleaner HAP / AltMeDisable wiki](https://github.com/corna/me_cleaner/wiki/HAP-AltMeDisable-bit)
Reference in New Issue View Git Blame Copy Permalink