Question is if you want to rebuild everything yourself in Debian or base everything on something like Chrome OS which does most if not all of that already by default. i.e. whonixify Chrome OS or chrome-ify Debian.
Most of the world seems to move into this locked down way, and I think security is one of the reasons (not just locking the customer to your software). Android, IOS, MacOS does it, some cloud providers do it, Fedora SilverBlue and ClearLinux also do.
I think an immutable and verified boot is not the problem. But maybe updates and user customization. There would need to be Apps like Flatpacks for stuff the average Whonix user installs on top of the standard Whonix, messengers and cryptocurrency stuff comes to mind.
2 Likes