How to check the integrity of (lack of tampering with) L14 firmware without Librem Key?

Right. My bad. In theory though the question still stands. What happens if I
a) remove your entire disk, and
b) replace the encrypted disk with an unencrypted disk (which still prompts for the “LUKS” password and then politely transmits it to the hacker who can now decrypt your entire disk)?

Of course that won’t be subtle. Once the computer boots, you will be able to see that your disk is no longer there (unless the attacker is more clever than the blunt attack described above).

An obvious way to counter that is for the firmware to be configured to know that the disk must be encrypted and refuse even to boot if the disk is not encrypted.

Haha, well, the hacker will likely have trouble with the transmission part (unless they know that I will be entering my password while in an area with some Wi-Fi known to them and I stupidly turn the Wi-Fi kill switch on before seeing that the disk is mine). Other than that, yeah, my data would be in the hacker’s hands.