Kernel Hardening - security-misc

Yes.

Minor stylistic question: Actually it is a bit weird that there is a separate config file `security-misc/etc/default/grub.d/40_distrust_cpu.cfg` (at master · Kicksecure/security-misc · GitHub) just for that? Or is it actually good that it’s split to make review easier and perhaps allow advanced users to more easily override such settings? Where should the distrust bootloader config file be placed? An additional file? Could be. I guess it does not matter much.

Could you please send a pull request?

I haven’t found such a feature in grub. Would be interesting but just a sideline.

According to Random Seeds it seems that this is for now only related to EFI booting.

But also unspecific to grub. Kicksecure / Whonix shouldn’t be dependent on any specific bootloader such as grub for security if it’s so easy to avoid by setting a kernel boot parameter.

Sideline: It has some interesting quotes that I will cite and soon add to Entropy, Randomness, /dev/random vs /dev/urandom, Entropy Sources, Entropy Gathering Daemons, RDRAND.

Related but different:
(It’s the kernel command line as a source of randomness. Not the bootloader directly.)

Related probably interesting reads, maybe further inspiration for hardening:

https://systemd.io/RANDOM_SEEDS/
