And so can Nintendo on a Switch, but Apple can't do that on a Mac. This is clearly a theoretically possible scenario, the question is whether it's practical on something that's sold as a general purpose computing platform (which iOS devices aren't)
Sorry I'm not trying to split hairs. I don't see why it wouldn't be practical on a macOS device (agreed that on a Mac today this is not possible based on the state of publicly available macOS software). Apple has been slowly moving that direction and IMO the only reason they haven't dialed it up to 11 is because they don't want to break everything including users' workflows. But they could release a state of the art macOS laptop ~tomorrow that squeaks like iOS from a security angle.
Anyway you're right that's besides the point now. My original point (rephrased to Linux) was that a desktop leveraging secure boot plus the recent work to harden the boundary between kernel and root plus something like (as you pointed out in the other thread) IMA could, I think, meet the original commenter's requirements.
