No, the initial boot drive doesn’t depend on what the chainloaded kernel on the main drive does.
Note, that security-misc package is unspecific to Whonix. A general package.
security-misc will be installed by default in Kicksecure and on Whonix-Host. Therefore must not break general hosts.
Can you implement a new vm-hardening package?