Exciting news from the team at Qubes:

https://www.qubes-os.org/news/2016/07/21/new-hw-certification-for-q4/

Another important requirement we’re introducing today is that Qubes-certified hardware should run only open-source boot firmware (aka "the BIOS"), such as coreboot. The only exception is the use of a (properly authenticated) CPU-vendor-provided blobs for silicon and memory initialization (see Intel FSP) as well as other internal operations (see Intel ME). However, we specifically require all code used for and dealing with the System Management Mode (SMM) to be open-source.

While we well recognize the potential problems that proprietary CPU-vendor code can cause, we are also pragmatic enough to realize that we need to take smaller steps first, before we can implement even stronger countermeasures such as the stateless laptop I proposed a few months ago. A switch to open source boot firmware is one such very important step on this roadmap.

Of course, to be compatible with Qubes OS, the BIOS must properly expose all the VT-x, VT-d, and SLAT functionality that the underlying hardware offers (and which we require). Among other things, this implies proper DMAR ACPI table construction.