@Patrick Thank you for the wiki links! Great survey of the mobile Linux options, none of which approach the high security profile of Kicksecure or Whonix yet. I hope that one day there will be such an option, since mobile computing apps (wallets, sensors, messaging) and speedy access are so convenient.
I began this development thread by mentioning that all my Linux devices suffered simultaneous hostile takeovers and repeated system failures inexplicably. My TAILS device did not. That is why I inquired about the possibility of developing a fully live, host-guest Whonix environment.
TAILS runs live and can persist. Whatever an attacker does during a session will not continue after rebooting. There was a live (host-guest) alpha USB Qubes iso available years ago that was not maintained and has been completely abandoned. @arraybolt3 wrote that the fs might be modified in such a way to further the design goals of this live host-guest configuration but a more comprehensive understanding appears to find this configuration unnecessary or at least not in need of becoming a priority. The features of security-misc (permission hardener, hide hardware info, proc hide pid) might secure the system to a state equivalent to the resilience of live mode. I am also interested in a mobile, laptop workstation, so 32GB+ of RAM might be infeasible and I have not yet tested that solution.
After checking out the forum again, I read that securing RAM through encryption is an area for potential development which contrasted in my mind with the amnesiac method TAILS utilizes in order to safeguard RAM against physical attacks by clearing the information instead of encrypting it. Since then, I began looking into the specifics of TAILS to see if elements of Kicksecure’s design could be implemented in the reverse direction. Upon preliminary investigation, I discovered that TAILS cannot add Kloak via additional packages and it’s sources cannot be modified in order to install the application as a systemd service. TAILS utilizes tor+https (fastly cdn) and does not offer onion repositories like Kicksecure and Debian. The Vanguards application can only be run as a clone from git and with sudo which defeats some of TAILS security elements. Kloak can’t be installed similarly as it requires dependencies. I was not aware that TAILS was configured like this and I began to speculate about if the strategy of “blending in” (by not onionizing updates and appearing uniform and like Windows whenever possible) is really that much better of an option when compared to the design of Kicksecure and Whonix.