That 2009 ThinkPad that the FSF certified is running proprietary blobs in updatable microcontrollers connected to the LPC bus which have full access to RAM and to take over the OS. Blobs which you can't audit, modify, sandbox, nor verify are the correct intended version.
I'd rather buy an M1; sure, it runs a pile of blobs, but at least I know those blobs are there and they're all sandboxed behind IOMMUs and cannot take over or compromise my OS.
I'd rather buy an M1; sure, it runs a pile of blobs, but at least I know those blobs are there and they're all sandboxed behind IOMMUs and cannot take over or compromise my OS.