I really appreciate the scorched earth efforts to redo computing with security from the start, but personally I have reached the conclusion that compatibility is key to adoption, and that desktop focused linux distros like ubuntu with yolo security being used for servers is the practice causing the most harm we must end as soon as possible.

QubesOS falls really short in supply chain integrity, and server solutions, but IMO the overall hypervisor/IOMMU isolation architecture is the most practical and compatible way forward though nowhere near as elegant as some of the ideas in Genode.

In EnclaveOS my team and I chose to focus on remote attestation and best available security isolation technologies available to most server CPUs while still using (hardened) linux kernels. We talk about this here: https://distrust.co/blog/enclaveos.html