I don’t use or particularly believe in secure boot.
I have a fully encrypted root partition, with automatic unlocking using the TPM. Wasn’t even that hard to setup either. Bazzite makes it fairly easy to enroll a secure boot key if you really want that, as do some other distros. Nothing you are describing is that difficult.
A lot of systems use AppArmour instead of SELinux, as this is easier to work with while still providing enhanced security.
It’s a real challenge to get a fully encrypted system with secure boot (easier now but still hit or miss with Linux) and tpm.
What you’re describing is the user never security model which is as you said restrictive enough to be annoying, and more controlled than windows.
I don’t use or particularly believe in secure boot.
I have a fully encrypted root partition, with automatic unlocking using the TPM. Wasn’t even that hard to setup either. Bazzite makes it fairly easy to enroll a secure boot key if you really want that, as do some other distros. Nothing you are describing is that difficult.
A lot of systems use AppArmour instead of SELinux, as this is easier to work with while still providing enhanced security.