It’s important to establish a threat model before asking what is and isn’t a “working” solution.
If you’re a target of a determined and skilled hacker who may attempt to infect your Windows system with malware that can embed itself into the system’s BIOS, then yes, the only solution that will do what you want is completely separate devices. That way, if and when your Windows device becomes compromised in this way, the malware will not affect your Kicksecure device. You might also want to assume you are targeted in this way if you want to learn the habits needed to deal with such an attacker, should you become targeted in the future.
In practical terms, it is unlikely you need to defend against such threats, as attackers generally don’t put this kind of effort into attacking random individuals. Kicksecure’s documentation and features try to cater to users that have to fear firmware rootkits, but it’s up to the user to determine whether they want to worry about firmware rootkits or not. If firmware rootkits aren’t in your threat model, then you can likely use the same machine for both Windows and Kicksecure by using an external SSD as described above.