Not sure I get what you're after but some computer cpus that weren't 8080/z80/commodore related:
Acorn Risc Machine
Transputer [think that was used in its own right as a cpu in parallel processing machines, not just as a support device]
MIPS
Surely more than that too.

Yes I think you got me wrong in some way, but I guess that was just because my question wasn't clear enough.

Think of PCI, ACPI, ... Most modern HW component's firmware can be flashed without any need to ask the user if it's ok for him to make his PC become a VM with complete remote access (that's just one example - which is being practised in fact - but you can do many other things by firmware flashing/manipulation besides turning a PC into a VM).

Maybe now you can guess what kind of project I am thinking of by asking for the most powerful system which would not include this risk (yes, there are enough SW exploits as well). I mean, you wouldn't need that for playing the newest Ego-Shooter, just for communication which you don't to be read (well ok, saved, evaluated and then maybe read) by others automatically.

Besides the C128 the Apple 2 also came into my mind. I never had that one, but I think its components firmware also can't be flashed plus it would be more powerful than the C128?

So what would you need for secure mail communication? Just a mail program, a GPG implementation and a suitable OS. That should be possible with a Linux (or: Linux-like) distro for the C128, right?

A short while ago I read about a FreeBSD port for the C128, that would be really nice...

Honestly, the way someone could use flashing to intercept your data would require them to use a software exploit to run code locally (and with admin rights on Linux/WinNT/FreeBSD) in your machine, or have physical access to it. If someone is set on doing that, they could easily infect your HDD for similar effects.

AFAIK there is no reasonably modern PC without writable media... you'd have to go as far back as the days where you needed to load software from tapes every bootup. And even on C64/128 you'd have to say away from floppies and such.

If you really want a PC without flashable components:
A- Get a PC with a discrete (and socketed) EEPROM BIOS chip
B- Remove the chip, bend the write-protect/~write-enable line upwards (be careful not to break it, this is delicate work) and solder a little wire connecting it to a +5V (if the chip is +5V, check the datasheet)
C- Put the chip back
D- Be sure to use a NIC without an EEPROM in the socket.
E- Get an old vídeo card that can't be flashed in software... old ISA cards or something like a Trident PCI card might be okay.
F- Load your OS from a read-only media. You can achieve this by booting from a CD-ROM (perhaps with the bootloader on a write-protected floppy if the BIOS does not support booting from CDs). If your system is really small, you can just use the write-protected floppy. CD drives have firmwares, but since those don't get executed by your main CPU, I don't believe they can pose any risk. You can also use a CF card that have a physical write-protect switch, but I don't believe those are common. If you manage to get one (and a IDE/CF adapter), you can just install everything THEN lock it.
G- Have fun, and only use removable media to save your stuff.

If memory serves there's also an ultraparanoid Linux distro that doesn't write any file locally

Sorry for the late reply, I had to get a lot of things done recently.

@alexanrs
I believe that the admin/user solution on Windows is meant as a joke, otherwise there wouldn't be that many security issues / viruses etc. But even on Linux it is not that difficult to aquire root priviledges. Read this one for example:
http://www.welivesecurity.com/2014/02/21/an-i … -of-linuxebury/

I would not be so confident like you to believe that the memory infection risk would be low. And if someone infects your HDD, then you can at least un-compromise your system by overwriting it. But what about ACPI tables for example? I can tell you for sure that there is enough space to hide code (even for Linux and Windows e. g.) and let it automatically execute, which will turn your computer into a virtual machine and you have no chance (this is a controversial topic though) to notice anything of it.
And the argument "that would be too difficult since the code would have to be tailored specifically for your computer" has been rebutted by many experts during the last time.

About your floppy argument: You could put that OS on a cartridge for the C64/C128.

@Stiletto
Which distro do you mean?

Actually I would just like to find an answer on my question... Whether my idea is well-grounded or not, I think it's an interesting question which the last system(s) was/were, which didn't include any flashable components. I could also imagine that this would be the case for:
MSX turbo R
Atari (until...?)

alexanrs wrote:

If you really want a PC without flashable components: A- Get a PC with a discrete (and socketed) EEPROM BIOS chip B- Remove the […]
Show full quote

If you really want a PC without flashable components:
A- Get a PC with a discrete (and socketed) EEPROM BIOS chip
B- Remove the chip, bend the write-protect/~write-enable line upwards (be careful not to break it, this is delicate work) and solder a little wire connecting it to a +5V (if the chip is +5V, check the datasheet)
C- Put the chip back
D- Be sure to use a NIC without an EEPROM in the socket.
E- Get an old vídeo card that can't be flashed in software... old ISA cards or something like a Trident PCI card might be okay.
F- Load your OS from a read-only media. You can achieve this by booting from a CD-ROM (perhaps with the bootloader on a write-protected floppy if the BIOS does not support booting from CDs). If your system is really small, you can just use the write-protected floppy. CD drives have firmwares, but since those don't get executed by your main CPU, I don't believe they can pose any risk. You can also use a CF card that have a physical write-protect switch, but I don't believe those are common. If you manage to get one (and a IDE/CF adapter), you can just install everything THEN lock it.
G- Have fun, and only use removable media to save your stuff.

I like alexanrs' solution.

Write protected floppies and CD's on a non-flash BIOS 486 or Pentium is a ready made solution.

@forth_into_future , @firage
Now that I'm reading my post again, I think you can get away with a VERY modern i5/7 system as long as you stay away from soldered BIOS EEPROMs (my Asus Z77, for example, has a socketed BIOS chip) and using nothing but onboard stuff. AFAIK the onboard ROM for every onboard component is in the same chip, so by pulling the write-protect line high, you have a potentially flash-free system. You'll just need a read-only bootable media and you're set. Since CD/DVD/HD drives have firmwares, the best thing might be booting from a flash drive, load the system to a RAM disk and then just unplug it. Now I can't imagine a single flashable component in this setup.

Tails runs from DVD and was designed for use with the Tor network, so is very security conscious. Assuming it's still around of course.

You should be able to disable flashing your DVD drive's firmware by locating it's ROM chip, finding the datasheet and cutting/altering any necessary pins. Really not sure why you would want to do this, but heh.

I wonder if it would boot from an SD card with the PROTECT switch enabled, most laptops have these interfaces built in now, as do some industrial computers.

That also won't help you if your BIOS chip or any other hardware component is already compromised with a backdoor from the beginning. I would be very surprised if that wouldn't be the case (Compromised DES in the 1970s? And no progress until now?). But I doubt that hackers would able to use that exploit, so if that is ok for you then it's fine I guess.

@HighTreason
Oh yes, TAILS is really secure, since it must be an honour to get a 'tailored attack' by certain people.

On the software level I think that using a grsecurity kernel wouldn't be a bad idea.

HighTreason wrote:

Tails runs from DVD and was designed for use with the Tor network, so is very security conscious. Assuming it's still around of course.

That's the one i was thinking of! 😀
https://tails.boum.org/

I guess that has been fixed until now, but if you were using TAILS until the fix it was definitely NOT secure:
http://www.pcadvisor.co.uk/news/security/3532 … -i2p-component/

Sorry for my late reply on this - Work kept me being quite busy. Well, that is nonsense: Once your network device receives so-called 'magic packets', it switched into a mode which is (if you are naive enough to believe this) designed for remote maintenance - From that point on you are lost. I can provide you with up-to-date info on that if someone should be interested.
Anyway, just believe it or not: Any x86 based system can by no means get secured. A C64/C128 could definitely be secured since there is absolutely no way to patch anything, unless you invite the soldering crew for a cup of tea and give them physical access to your HW. I could imagine that my statement is also valid for a number of 68000 CPU based systems (it would be interesting to take a closer look to the Atari ST models in this regard), but e. g. any Amiga model would not be such a system as I would say.

There are Lunix(likes) distros already available for the C64/C128 (e. g. Lunix / Lng), but those are coded for the 6502 CPU (and would therefore most likely also run on the C128's 8502 CPU).
We are not talking about playing ego-shooters or developing modern software: Even the abovementioned distro running on a C64 would be sufficient enough in order to 1) Transfer a file which you want to encrypt onto it using an SD-card floppy emulator. 2) Encrypt it. 3) Go online and send it to someone running the same kind of HW. 4) It goes without saying that the whole encryption / decryption process must take place offline, and that you only go online once you wiped every readable data in order to send / receive the encrypted file. 5) You found secure a way of communication which can under no circumstances be broken.