I think that the article laid out the proper defense:
- Make sure that you set a password to change the Coreboot settings and set the computer so it can’t boot from a USB port or do a network boot.
- Set your computer to always hibernate (suspend to disk), rather than sleeping (suspending to RAM).
- If you plan on leaving your computer in a place where people might tamper with it, do a proper shutdown. Then when you boot up, check your Librem Key to make sure that the Coreboot settings haven’t been changed.
You do benefit from being in a technological niche, since so few computers use Coreboot, but there are enough Chromebooks in the world, that a sophisticated attacker will have figured out how to deal with Coreboot, and not just focus on the UEFI from AMI, Award or Phoenix.