Sovereign Server Scorecard — Maximalist Bitcoin/FOSS/Privacy Lens

Method & assumptions

Primary framing: each candidate is treated as a server capable of hosting multiple services (Bitcoin, Lightning, indexing, explorers, comms, storage, etc.).
Maximalism constraints: license freedom, forkability, and minimization of vendor control are treated as structural variables, not preferences.
Threat model: the scoring strongly penalizes hidden management engines, opaque out-of-band control planes, non‑free licensing, and “app store” capture surfaces.
Baseline node feasibility: modern hardware with adequate storage/bandwidth can run a full node, but bandwidth/storage realities are nontrivial (see Bitcoin.org full node guide and Bitcoin Core requirements).

This is a scoring model: it compresses many qualitative risks into a stable matrix. Scores reflect publicly verifiable properties (hardware platform, firmware openness, licensing, marketplace structure, and documented features), with citations embedded directly inside the relevant device sections.

Criteria & weighting scheme

Each criterion is scored 0–100. Composite score is the weighted sum.

Code	Criterion	Weight	What it measures
FHF	Firmware & Hardware Freedom	20%	CPU/platform openness; firmware control (coreboot/OpenPOWER); ME/PSP/TrustZone status; BMC (none/open/closed); vendor lock-in.
SPA	Sovereign Purity & Anti‑Capture Alignment	15%	Bitcoin-first bias vs multi-coin “crypto”; bundling of altcoin/DeFi surfaces; dependency on centralized mediation in default workflows.
ASR	Attack Surface & Remote Management	10%	Out-of-band control planes (IPMI/iKVM), hidden radios, default exposed services, and blast radius of proprietary components.
STA	Stack Transparency & Auditability	10%	How far down the stack can be audited (build docs, firmware sources, packaging, and service wrappers).
OSL	OS Sovereignty & Licensing	10%	MIT/BSD/GPL permissiveness vs non-commercial/source-available constraints; legal forkability of the core orchestration layer.
SHF	Self‑Hosting Fitness & Multiplexing	10%	CPU/RAM/storage/I/O suitability for multiple sovereign services; expandability; practical 24/7 server behavior.
CRR	Collapse‑Robustness & Repairability	10%	Commodity parts, repairability, supply resilience, ability to keep the machine useful under vendor failure or scarcity.
PTP	Privacy & Telemetry Posture	5%	Phone-home defaults, analytics, cloud ties, and ease of Tor-only / offline operation.
CRG	Community Resilience & Governance	5%	Bus factor, contributor base, governance clarity, and culture of long-term maintenance.
ENF	Energy / Noise / Footprint	5%	Power draw, acoustics, and physical footprint relative to capability (especially relevant for home/edge deployments).

Composite = Σ(score × weight). Weights are fixed above; the matrix below is the canonical source of truth for composites.

Final ranking (Umbrel excluded)

Composite values are computed from the matrix; ties are allowed when scores are equal at one-decimal resolution.

Rank	Device	Tier	Composite	Key anchor reasons	Primary links
1	Raptor Talos™ II 2U NVMe Storage Server	Ω	85.7	Owner-controlled POWER9 + OpenBMC; server-grade storage chassis.	TL2SV3 intro • OpenBMC sources
2	Raptor Talos™ II 2U SAS Storage Server	Ω	85.7	Same owner-control stack; SAS-focused storage design.	TL2SV4 intro • Talos II
3	Raptor Talos™ II 4U Rack Mount Server	Ω	85.6	Maximum headroom; power/footprint penalty keeps it just below the 2U variants.	TL2SV2 intro • Product list
4	Start9 Server Pure	I	84.6	Coreboot + IME disabled; StartOS is MIT-licensed; strong sovereign server OS.	Server Pure • StartOS repo
5	NitroPC 2	I	82.6	Coreboot/Dasharo ecosystem; ME disabling is possible but configuration-dependent.	NitroPC 2 • ME notes
6	Dasharo / 3mdeb ASRock Rack SPC741D8/2L2T	I	81.2	Coreboot-based server firmware; closed BMC/IPMI remains a strong attack-surface penalty.	Dasharo releases • ASRock specs
7	Ministry of Nodes Bitcoin Nodebox	II	79.3	Commodity refurb mini‑PC + clean Bitcoin stack; high repairability and reproducibility.	Nodebox product • Overview
8	nodl One Mk.2	II	78.6	Bitcoin-native appliance; full disk encryption + physical killswitch; SBC performance ceiling.	nodl One Mk.2 • Dojo Mk.2
9	Start9 Server One	II	78.4	Higher compute than Pure; lower firmware freedom (closed firmware).	Server One (2026) • Pure vs One
10	Penguin NAS2 4‑Bay Mini Server	III	76.0	GNU/Linux-friendly multi-bay chassis; standard x86 firmware limits.	NAS2 4‑Bay
11	Penguin NAS 2‑Bay Mini Server	III	75.3	Upgradeable LGA1200 base; fewer bays reduces server multiplexing vs 4‑bay.	NAS 2‑Bay • Manual (PDF)
12	Fulmo (RaspiBlitz)	III	75.0	MIT-licensed RaspiBlitz scripts; Pi-class hardware caps server role.	Docs • Repo • Fulmo
13	ParmanodL (prebuilt node laptop)	III	74.8	MIT-licensed Parmanode automation on commodity hardware; bus-factor risk in project.	ParmanodL • Parmanode repo
14	myNode	IV	63.0	Community Edition is explicitly non-commercial licensed; forkability and reuse are constrained by design.	Community Edition • Repo license

Tier summary

Tier Ω — Maximum owner-control substrate

Raptor Talos™ II servers (2U NVMe / 2U SAS / 4U): POWER9 OpenPOWER platform + documented OpenBMC source tree; highest firmware/hardware freedom of the set. (Talos II • talos-openbmc)
Main penalties: energy/footprint and niche supply-chain constraints; OpenBMC is open but still a distinct attack surface.

Tier I — Hardened x86 + free OS layer, sovereign-first

Start9 Server Pure: coreboot + IME disabled; StartOS under MIT; marketplace/registry default centralization is mitigated by forkability. (Server Pure • MIT license)
NitroPC 2: open firmware orientation; Intel ME disabling depends on firmware choice/config. (Product • ME documentation)
Dasharo + ASRock Rack: coreboot-based server firmware + high multiplexing capacity; closed AST2600 IPMI/iKVM is the core penalty. (Release notes • BMC/IPMI spec)

Tier II — Bitcoin-native self-hosting, consumer-deployable

Ministry of Nodes Nodebox: refurb business mini‑PC + Ubuntu Server + Bitcoin Core/electrs/mempool; high repairability. (Product • Software list)
nodl One Mk.2: Rockpi4 RK3399 appliance with full disk encryption and a physical killswitch. (Specs)
Start9 Server One: stronger compute profile; lower firmware freedom versus Server Pure; still inherits StartOS MIT licensing. (Specs • StartOS)

Tier III–IV — General NAS / DIY stacks / constrained licensing

ThinkPenguin NAS devices: strong GNU/Linux compatibility, multi-bay practicality (especially the NAS2 4‑bay), but conventional x86 firmware. (NAS2 4‑bay)
RaspiBlitz: MIT-licensed, script-based node stack; excellent software openness, Pi hardware constraints. (MIT license)
ParmanodL: MIT-licensed automation on commodity hardware; strong Bitcoin orientation; governance is largely single-maintainer. (Repo)
myNode: Community Edition is explicitly licensed as non-commercial on the vendor site; the GitHub repo also describes license restrictions. (CE license note • GitHub license section)

Full score matrix (0–100 per criterion)

Columns: FHF (20%), SPA (15%), ASR (10%), STA (10%), OSL (10%), SHF (10%), CRR (10%), PTP (5%), CRG (5%), ENF (5%).

Device	FHF	SPA	ASR	STA	OSL	SHF	CRR	PTP	CRG	ENF	Composite
Raptor Talos II 2U NVMe	98	90	70	95	95	93	70	85	75	45	85.7
Raptor Talos II 2U SAS	98	90	70	95	95	93	70	85	75	45	85.7
Raptor Talos II 4U	98	90	70	95	95	95	70	85	75	40	85.6
Start9 Server Pure	88	80	80	90	95	85	80	85	80	75	84.6
NitroPC 2	82	82	82	88	95	78	78	80	75	80	82.6
Dasharo / ASRock Rack SPC741D8/2L2T	80	88	60	90	90	95	80	80	80	50	81.2
Ministry of Nodes Nodebox	50	95	80	90	95	75	90	85	80	75	79.3
nodl One Mk.2	55	92	82	88	95	70	80	90	75	80	78.6
Start9 Server One	60	78	78	88	95	88	80	80	80	75	78.4
Penguin NAS2 4‑Bay	55	80	75	85	90	85	85	75	70	75	76.0
Penguin NAS 2‑Bay	55	80	75	85	90	75	85	75	70	80	75.3
Fulmo (RaspiBlitz)	40	95	80	90	95	55	80	90	80	85	75.0
ParmanodL	45	95	80	88	95	65	78	88	60	70	74.8
myNode	55	65	65	75	35	70	70	70	65	80	63.0

Score interpretation: 90+ implies “deep substrate sovereignty”; 75–85 implies “strong sovereign server candidates”; 60–75 implies “workable but structurally compromised”; below that implies “not suitable as a sovereignty anchor.”

Device dossiers (rationale + linked sources)

Raptor Talos™ II 2U NVMe / 2U SAS / 4U (Tier Ω)

The Talos II rack servers lead on firmware/hardware freedom: POWER9 OpenPOWER platform, with public OpenBMC sources. The 2U variants edge the 4U on footprint/noise while preserving the same owner-control security posture.

2U NVMe (TL2SV3): 2U chassis, redundant PSUs, Talos II EATX mainboard (TL2SV3 intro).
2U SAS (TL2SV4): SAS-oriented storage chassis with the same board/CPU profile (TL2SV4 intro).
4U server (TL2SV2): maximum headroom, same core platform (TL2SV2 intro).
OpenBMC visibility: Talos II OpenBMC sources are published (git.raptorcs.com talos-openbmc).
Catalog linkage: Talos II product listing shows the rack variants in production (products page).

The OpenBMC advantage is transparency, not invulnerability: it remains a distinct networked computer (BMC) and is scored accordingly under ASR.

Start9 Server Pure (Tier I)

The Server Pure is a hardened x86 mini‑server with coreboot firmware and Intel Management Engine disabled, paired with StartOS, which is explicitly MIT‑licensed and published on GitHub.

Coreboot + IME disabled: stated on the product page (Server Pure listing) and reinforced by Start9 community discussion (Server One vs Pure).
StartOS is MIT‑licensed: StartOS license file (MIT license) and supporting context (license change write-up).
Marketplace surface: the official marketplace exists (Start9 Marketplace), and multiple registries can be used (StartOS registry note).

NitroPC 2 (Tier I)

NitroPC 2 is a general-purpose mini‑PC oriented around open firmware (coreboot/Dasharo ecosystem). The ME story is configuration-dependent: documentation states that ME is not disabled by default with Dasharo Tianocore UEFI, but can be disabled via documented steps.

Product page: NitroPC 2 listing (NitroPC 2).
Open firmware positioning: Nitrokey announcement highlighting open source firmware (NitroPC news).
Intel ME details: Nitrokey documentation note (intel-me.rst) and support thread confirming ME can be disabled when ordered with the right firmware (support thread).

Dasharo / 3mdeb ASRock Rack SPC741D8/2L2T (Tier I)

Server-grade platform with strong multiplexing capacity and coreboot-based Dasharo firmware. The closed AST2600 BMC (IPMI2.0 with iKVM/vMedia) remains the decisive attack surface penalty.

Board specs (BMC/IPMI): ASRock Rack product page explicitly lists AST2600 with IPMI2.0 + iKVM/vMedia (SPC741D8-2L2T/BCM).
Dasharo release notes: open firmware status and release history (Dasharo releases).
Porting / development notes: 3mdeb write-up (porting article).
ME disable modes (Dasharo feature): documentation describing soft/HAP ME disable options (Dasharo system features).

Ministry of Nodes Bitcoin Nodebox (Tier II)

A refurb business mini‑PC running a straightforward, auditable Bitcoin stack. Strengths are repairability, reproducibility, and avoidance of proprietary orchestration layers.

Official product spec: hardware list and bundled software (Nodebox product page).
Independent summary: software included (Ubuntu Server 22.04 LTS, Bitcoin Core, electrs, mempool.space) (NobsBitcoin overview).
Independent guide reference: notes on what ships and role orientation (bitcoiner.guide MoN Nodebox).

nodl One Mk.2 (Tier II)

A Bitcoin-focused SBC appliance with explicit security controls (full disk encryption + physical killswitch). The limitation is compute headroom versus x86 servers.

Specifications: RK3399 (Rockpi4), SSD, full disk encryption, physical killswitch (nodl One Mk.2).
Related privacy-focused variant: Dojo Mk.2 adds RAID and keeps encryption + killswitch (nodl Dojo Mk.2).

Start9 Server One (Tier II)

A higher-performance StartOS server with a weaker firmware freedom profile than the Server Pure (closed firmware explicitly acknowledged in Start9 community discussion).

Product page: Server One specs (Ryzen 7 6800H) (Server One (2026)).
Pure vs One security posture: Start9 community note on Pure coreboot/IME disabled vs One closed-source software (thread).
StartOS source: StartOS repo (StartOS).

ThinkPenguin Penguin NAS (2‑Bay) & NAS2 (4‑Bay) (Tier III)

GNU/Linux-friendly NAS chassis with practical multi-disk layouts. Firmware freedom remains conventional x86/UEFI; strength is storage ergonomics and repairability.

NAS2 4‑bay specs: Intel N150, DDR5 SO-DIMM, multiple SATA ports, M.2 NVMe slots (NAS2 4‑bay page).
NAS 2‑bay overview: upgradeable LGA1200 platform (NAS 2‑bay page) and manual excerpt indicating LGA1200 motherboard (manual PDF).

Fulmo (RaspiBlitz) (Tier III)

RaspiBlitz is a MIT-licensed, script-based Bitcoin+Lightning node stack; Fulmo supports and sells RaspiBlitz hardware bundles. Software openness is high; Pi-class hardware is the main constraint for a general server role.

RaspiBlitz docs: project overview (docs).
RaspiBlitz repo (scripts): project is bash/python-driven (GitHub repo) and MIT licensed (LICENSE).
Fulmo context: Fulmo’s RaspiBlitz section (Fulmo).

ParmanodL (Tier III)

A prebuilt computer running Parmanode, a MIT-licensed automation tool for installing Bitcoin stack components on standard desktops/laptops. Hardware properties depend on the underlying machine; software freedom is high.

ParmanodL page: Parmanode site (parmanode.com).
Parmanode repo + MIT license: (GitHub • LICENSE).
Public announcement reference: plug-and-play discussion thread (Reddit post).

myNode (Tier IV)

myNode is functionally capable as a node appliance, but the Community Edition is explicitly licensed as non-commercial on the vendor site, and the GitHub repository describes additional licensing constraints. This limits OS sovereignty and legal forkability.

Vendor statement (CE license): “licensed under CC BY‑NC 4.0” (Community Edition).
GitHub license description: the repo describes a variation of CC BY‑NC‑ND (GitHub repository).

Exclusion note: one platform was removed from this page by design choice and is not listed anywhere above.