Sorry if I triggered the emotional part of this thread!
My 2 cents is this - the hardware industry has sacrificed privacy for the sake of enterprise customers (can hardly blame them I suppose) and that has left many of us with very few options.
We can compromise on privacy for the latest performance, and take some steps to guard against backdoors (which - at some level - we need to accept that hardware is not actively compromised or we should all go back to slide-rules...)
We can insist on the best privacy and accept using (rapidly aging) hardware.
I have no hard data on coreboot, Purism, or any of the other tools / products / companies out there. (and hope that that part of this thread has run its course)
It does seem to me that in order to even play in the market - that any company would need to take the (reasonably current) hardware that is available and do what it can to minimize the likelihood that the (assumed or proven) backdoors can be exploited.
I would like to see any company (Purism, system76 or anyone else) be
able to work with the major vendors to acquire hardware AND be able to
replace or wrap the compromised firmware to give us the best of both.
To the degree that they fully disclose what they are able OR not able to do to mitigate these risks is really between their marketing department and their customers.
For myself - I will probably end up with accepting the problems with more recent hardware for functionality and performance and try to use other security / privacy layers to minimize the risk.