Replying to GrapheneOS

nostr:nprofile1qy2hwumn8ghj7un9d3shjtnddaehgu3wwp6kyqpqtj85y66ltw6deckl7kk8qw8akpd3y6ktd4gf2vw2ej75e9gfwftq9e9chj Sure, but traditional desktop Linux distributions have far larger kernel attack surface, don't enable much more basic exploit protections and nearly entirely lack a privacy/security model throughout the overall OS. They don't deploy modern exploit protections in the kernel or userspace, aren't heavily moving to memory safe languages, don't have a proper application sandbox let alone it being the only way applications are used, etc. Nearly all of the hardware also lacks very basic security.

nostr:nprofile1qy2hwumn8ghj7un9d3shjtnddaehgu3wwp6kyqpqtj85y66ltw6deckl7kk8qw8akpd3y6ktd4gf2vw2ej75e9gfwftq9e9chj Recent ARM Macs are the only desktop/laptop devices with comparable hardware security able to properly defend against these kinds of attacks. That's also not really the case anymore if you replace macOS with something else since the hardware-based security needs to be properly leveraged by the OS. Most desktop/laptop hardware is wide open to physical data extraction and doesn't even get proper ongoing firmware patches for remote vulnerabilities let alone defending against this attack vector.

Discussion

Feeling good about the most secure setup on mobile with GrapheneOS as it follows the Free Open Source model, but using MacOS is a hard pill to swallow.

Don't want to support the closed garden approach, but a Linux desktop is challenging to be configured for max security if even possible.

Apple has a significant advantage on the hardware and security by default.

Still rocking Asahi Fedora Remix with encrypted root on an M1 Macbook Pro, but wonder if I should give in to use MacOS for travel.

nostr:nevent1qqs9hpwnmp4xu88rgsw2cgx6fd3fgu5cax5hqj2fk9yrd2nq3snw9gcpzemhxue69uhhyetvv9ujumt0wd68ytnsw43z7q3q235tem4hfn34edqh8hxfja9amty73998f0eagnuu4zm423s9e8ksxpqqqqqqz8hqkz4