Sounds like an interesting alternative to Subgraph OS, which seems dead.

https://git.arrr.cloud/whichdoc/plagueos

Using VoidOS with hardened kernel and other features as hypervisor and different choices for Guest OS.

Different install options according to one's IT expertise:

- CLI-only (Minimal installation for advanced users)
- Sway WM (Minimalist Window Manager (WM) for advanced users)
- Gnome w/ Wayland (For novice users who desire gutted desktop environment)

Current implemented features:

- Full System Build
- Hardened Memory Allocator system-wide LD_PRELOAD
- Hardened Kernel w/ patchsets & trimming
- Custom LUKS Encryption (AES256XTS+Argon2id KDF)
- Blacklisted Kernel Modules
- Blacklisted File Systems
- Blacklisted Network Protocols
- IPTables Packet Filtering
- Hardened GRUB Boot Parameters
- Rolled in Whonix's hide-hardware-info script (See here)
- Increased Entropy with use of haveged and jitterentropy
- Increased password hashing rounds
- Full Wayland Environment options
- Selection between WM, DE, or CLI-only
- Hide Process IDs
- Permission hardening + immutable configurations
- UMASK 0077 to system-wide default
- Secure fstab configuration (Bind for var and tmp)
- Locked root account, admin account for elevated privileges
- Use of doas over sudo
- Generic Machine ID
- Randomized MAC address for NIC
- Memory erasure/poisoning
- USBGuard Implementation
- Import & Verification of Kicksecure & Whonix
- Encrypted DNS with DNSCrypt by default
- Hardened SSH configuration (SSH not installed on host by default)
- All commits to contain PGP signatures