The biggest problem is the lack of a certified laptop. Librem13 was certified for R3 but as of now there is nothing certified for R4 [0]. Their stance on Intel ME is clear and good. I hope they don't give it up or water it down with commercial licensing. So theoretically if I approach them as a company and tell them I want to get Qubes on company laptops they should tell me no laptops are secure.
One of the most interesting OS project imo, I hope there will be some changes on the hardware side eventually but unfortunately I remain skeptical.
If you are already running an operating system on an Intel vPro (VT-d, TXT) laptop, you can likely run Qubes on that hardware.
If you are concerned about the Intel ME, you would need an Ivy Bridge vPro device like the Lenovo x230, plus skillz [0] that improves the security posture of all operating systems, including Qubes.
In principle every x86 operating system has this problem. The difference is in the expectations. If a laptop is certified for Windows 10 I expect it to run Windows 10 decently. If a laptop is Qubes OS certified, I expect it to run Qubes OS securely, with decent performance.
What kind of issues have you seen with Qubes on vPro laptops?
Security is only meaningful within the context of a threat model. Qubes, like every operating system, has many possible configurations, for different threat models.
One of the most interesting OS project imo, I hope there will be some changes on the hardware side eventually but unfortunately I remain skeptical.
[0] https://www.qubes-os.org/doc/certified-laptops/