Mainboard enhancements for security, fail-safe

even so I like the sustainable concept of framework a lot, security and fail-safe are major points.
to make it a more secure laptop

  • use (core-) boot-env to disable the infamous IME
  • the masterkey of the TPM chip must only be known to/programmable by the user
  • a second M2 nvme for Raid 1 for the OS
  • a power-off switch for the wireless BT/WIFI card

for me, the next challenge & therefore HW, needs to run QubeOS, due to sensitive information which will be processed.