Agree. You mention Debian and Arch. I have also tried both of them. The problem with Arch (rolling distribution) is that you are forever updating and you never know what exactly has changed in the system and you have to look. You can still have so much experience and solve problems, but they always cost time. All this from a daily user perspective is crap.
From a security point of view, new software can contain security loopholes just like old software. I’d rather have a stable base where I can easily keep an eye on changes than daily updates.
Debian supports it too. The kernel is Secure Boot ready and it’s very easy to sign the NVIDIA kernel module with the default shipped key via MOK.
This is a very nice guide with encryption support where you can learn a lot: https://gist.github.com/orhun/02102b3af3acfdaf9a5a2164bea7c3d6 . Please note I’m not the author.
I am not the creator of the video, but I am amazed at what all makes it into the stable branch.