These examples aren’t great, since AppArmor and the firewall aren’t processes.
Also, I didn’t see a feature to kill any specific process.
To do what? → Advanced adversary.
To do what? These will end up only accessible by root and on a hopefully encrypted disk?
Disk not encrypted + physical access → running machine → game over anyhow.
Disk encrypted + physical access…
Advanced adversary.
I’ve tried all sysrq commands and didn’t see any command to dump RAM contents to console.
Crash dump for RAM contents still requires an active login session. But if we assume physical access + an active login session, then it’s easy to plant malware anyhow.