Lately I’ve been re-examining my reasons for using Chrome OS despite the privacy concerns (Google per se isn’t in my threat model, but that doesn’t mean I want to feed them everything) and found my biggest reason is its use of verified boot, which ensures that only signed and approved code is executed. The root of this trust (not sure if correct terminology) is in a ROM.
When combined with powerwash and a small attack surface, this means that even if malicious actors do somehow punch through the system, persistence is almost impossible to maintain against someone who diligently reboots, which is trivial given how quickly the system starts up.
One of the things that disappointed me most when first using Qubes was that Anti Evil Maid only supported machines with TPM 1.2 and not the newer TPM 2.0. This means the vast majority of recent machines don’t support it, and getting a fresh (not second-hand) machine is hard and getting harder as time goes by.
On top of that, AEM is a weaker variant of secure/verified boot. This is something that probably can never be fixed until there are official Qubes PC vendors because it’s an issue of installing or distributing hardware roots of trust, as well as other issues, based on my limited technical understanding.
I believe Qubes is highly secure, but it can be so much more resilient both online and off with the addition of something akin to verified boot, or just a maintained, updated, accessible version of AEM. It’d make me less anxious about the underlying Xen getting somehow corrupted and staying that way.
Here’s an technical slideshow on Verified Boot (Chrome OS) by a Google dev (PDF).