This kind of stuff depends heavily on an individual’s threat model and computing needs.
For example, this thread is great for detached header but as the note in the first post mentions, trim being on could ruin plausible deniability and turning it off might impact performance so as to not meet users needs.
Another issue is that UEFI shows old boot entries (itll say Qubes on boot up)