TL;DR - About switching from Linux Mint to Qubes OS from among various other options that try to provide security out-of-the-box (also discussed: OpenBSD, SculptOS, Ghaf, GrapheneOS)
TL;DR - About switching from Linux Mint to Qubes OS from among various other options that try to provide security out-of-the-box (also discussed: OpenBSD, SculptOS, Ghaf, GrapheneOS)
Another step up is the confidential computing project. Requires hardware that supports it though, which sucks, but takes the virtual hardware concept and adds multi key memory encryption on top.
Remember though security without a threat model is just paranoia, so what level of hoops and investment you need really depends on what your threats actually look like.
I personally love containers and Macsec. It limits most of my concerns. I want to mess with confidential containers next, which is to say lightweight VMs in containers with memory encryption set, but thats all future to me. The irony is that I then I have to figure out attestation better for those machines since from the host they are black boxes.