For example I don’t know if a cheap mini PC like the GMKtec G5 would be more likely to have firmware/driver related security flaws over a more standard PC like an older Dell Optiplex from Staples.
Maybe there is something else entirely I am overlooking. I’m not sure. Most of the complaints I’ve heard are in regards to mini PCs containing bloat and potentially malicious things installed.
My only concern to these machines is that if theyre running an intel chip, its most likely to have intel ME which is a QOL stuff but a potential backdoor. Luckily, these cheap mini pcs has most of the time, an unlocked bios, so it is easier to pull the bios bin, patch it with intel ME removal and then reflash the patched bios.
I find the US branded ones (HP, DELL, etc.) more pain in the ass to patch the bios because most of them has locked bios. Doable but a pain in the ass for sure.
Worth noting that this stands in addition to the concerns already shared by OP.
Also, that differing generations of Intel chips yield varying degrees of “disabled ME” with the me_cleaner tools and/or HAP bit flipping. With the newer stuff being more tyrannical.
For AMD, as far as I know, there exist no such efforts like me_cleaner and users are left to simply to trust the benevolence of AMD’s vendor spec for “disabling” PSP in EFI settings. Assuming that does anything at all other than being a sugar pill.