Linux

While technically not a Linux distro, Qubes OS is the gold standard. With the primary cons being that it's kinda hard on system requirements and it doesn't play nice with dedicated GPUs and thus software that would require it.

Honorable mentions would be Fedora Silverblue/Kinoite/Sericea, Kicksecure, openSUSE Aeon/Kalpa and Vanilla OS. Of course, regular Fedora and openSUSE Tumbleweed are still good even without being immutable. The aforementioned distros all have varying levels of hardening out of the box. While the offerings of Fedora and openSUSE have better defaults than most other distros, Kicksecure -which is made by the same team behind Whonix- is almost completely hardened from the get-go. Vanilla OS is in a major overhaul, so I refrain from making any strong judgements on it yet.

For whatever it's worth, a couple of years ago the (infamous) Madaidan (AKA security researcher on Kicksecure and Whonix) did recommend running minimalist distros like Alpine, Artix, Gentoo and Void for the sake of security. However, he did that recommendation on the basis of minimalism and zero-trust. However, that would require the system administrator (read: you) to actually know their shit. Which, unfortunately, is often times not the case as not everyone that's sensitive of their digital security proceeds to study cybersecurity. That's where the "honorable mentions" in the previous paragraph come into play; all of the distros that were mentioned within actually have shown to take security very seriously and acknowledge with the amount of heavy-lifting they do that they hold a sense of responsibility in that regard.

Im most interested in blendOS, because its based.

I once had an interaction with its primary developer and the dude was oblivious on which MAC was configured on his distro; spoiler-alert: none. It does a bunch of cool stuff, but I wouldn't call it secure (by default) by any stretch of the imagination.

I guess you're getting to the point in security where you really should consider the cost/benefit of safety vs convenience. Do you really want or need to have an immutable system? While there's obviously an argument to be made about the security benefits on those distros, I'd say that they're mainly made for CI/CD, cloud environments etc, and probably not something you want to put in a laptop and use as a daily driver. Your laptop is likely already more secure than 99% of other laptops, and in the end all you need to not get malware are a firewall and common sense if you're not an exposed entity.

Seems to me like you already have a secure setup. You just need to keep it secure. I personally can't imagine downgrading from using Arch to an inflexible immutable distro.

What's your use case?

How is blendOS based?

And personally most distros will do since linux is secure over all. I like Linux Mint personally and is good for programming and generic use.

Your setup is already pretty good, but I can recommend Silverblue with my personal use.

Puppy Linux - the OS is spooled into RAM from a single signed compressed image. by default there is no write back to physical data store; this can include user folders etc. each boot can be a clean slate.

Since the OS itself is in a single compressed & signed package, if someone alters it via a sidecar boot to an alt OS, it and you would know.

When there are chain of custody issues it is pretty secure when added with the usual bevy of other securing options.

Depends on your use case, but any up-to-date distro is secure. Security issues mainly comes from the user's actions.

OpenBSD.

Period.

Sure, you can harden Linux to the same level of security. But OpenBSD comes with all the goodies installed out of the box.

nixos. make containers, easy encryption and firewall config, immutable /etc and a lot of small stuff that makes this more secure

You want Qubes. And keep a stick of TAILS on you for high-risk situations. But Qubes is your easy daily driver.

I'm not really into security-focused distros, but heard good things about QubesOS. Also, what about OpenBSD?

Few of the recommendations here are good for general use. I'd recommend fedora silverblue

a secure distro for normal daily use

Any distro, really. Tails and Tor may have some extra features but aren't mandatory by any means. Just make sure Common Sense Antivirus (tm) is g2g and you should be good.

Use qubes os I guess

I would recommend VanillaOS because it's not as difficult as QubesOS and immutable with encryption.

I'm guessing pull the plug wile the computer and never log back into the internet. What are you so paranoid about.

Maybe parrot os

Pen and paper