“[GNU/]Linux being secure is a common misconception in the security and privacy realm.”
https://madaidans-insecurities.github.io/linux.html
“[GNU/]Linux is thought to be secure primarily because of its source model, popular usage in servers, small userbase and confusion about its security features. This article is intended to debunk these misunderstandings”.
Based on this, one should try to do as much as possible on a GrapheneOS device
I agree there needs to be a
So Linux Distros like Fedora Atomic could get close to that, by shipping the hardened components etc. But for now, this would simply break apps. And having fully verified boot requires a custom BIOS or something else, like a bootloader on your USB stick or whatever.