Yes, I know it's too early because pKVM is so new, but there was some discussion on Matrix the other day about how pKVM could be used in Graphene. That got me thinking. First of all, I am not a security researcher, nor am I a GrapheneOS dev, so take these with a giant lump of salt, and don't expect any of these to become a reality. But I came up with some ideas that I feel Graphene might benefit from.
An immediate and straightforward idea is air-gapped desktop machines. There is always that one app that does not have good Android FOSS support, for example video editing and PDF annotation. A Linux desktop (which is fragile) running in a pVM can be protected from external exploits, and users can run desktop software in it safely. Delete it after use for an experience similar to a Qubes disposable VM.
Another is shreddable files -- right now the only way to handle sensitive information and securely remove files afterwards on Graphene is to remove the entire user profile. But if we can host pVMs just for serving files and, say, create one pVM for each file in Download/ (some wrapper needs to be made for the apps to read these pVMs as decrypted files), then we can delete the pVM for a file to shred it (as long as the app didn't cache it), and a future compromise of the OS cannot read the shredded file as long as pKVM is intact.
I have not read up on the attestation in pKVM, so I'm not sure how it works. But if the pVM is able to verify the integrity of the OS, then it may choose to only divulge secrets with a verified OS? If so, a secure file store may be built, and potentially even with Yubikey support.
You can even run an authenticator over there and send OTPs only with a verified OS. But in any case, a fully compromised OS cannot get the secrets from it.
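The two ideas above (per-file keys living in a pVM so that deleting the key shreds the file, and a pVM that releases secrets only to an OS whose measurement it has verified) can be sketched as a small model. This is an added example, not code from the post, from GrapheneOS or from the pKVM project; it does not model pKVM's real attestation mechanism. It assumes a constructed attester that shares an HMAC key (`ROOT_KEY`) with the vault VM and measures the OS image with SHA-256, a toy SHAKE-256 XOR keystream standing in for a real AEAD, and invented names (`FileVaultVM`, `attest_os`, `run_demo`). The `Download/tax.pdf` path and the OS image bytes are constructed sample values.

```python
import hashlib
import hmac
import secrets
from typing import Optional

# Constructed: a secret shared between the attester (standing in for the hypervisor
# that measures the guest OS) and the vault pVM. Real pKVM attestation is not modelled.
ROOT_KEY = secrets.token_bytes(32)


def measure_os(os_image: bytes) -> bytes:
    """Measurement of an OS image: a plain SHA-256 digest in this model."""
    return hashlib.sha256(os_image).digest()


def attest_os(os_image: bytes, nonce: bytes) -> bytes:
    """Constructed attester: binds the OS measurement to a fresh nonce with HMAC(ROOT_KEY)."""
    return hmac.new(ROOT_KEY, measure_os(os_image) + nonce, hashlib.sha256).digest()


def _keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Toy stream cipher (assumption): XOR with a SHAKE-256 keystream derived from key and nonce.
    It stands in for a real AEAD so the demo runs on the standard library alone."""
    stream = hashlib.shake_256(key + nonce).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, stream))


class FileVaultVM:
    """Model of a pVM holding one key per file. Keys never leave the VM; plaintext is
    released only against a fresh attestation matching the expected OS measurement."""

    def __init__(self, expected_os_image: bytes):
        self._expected = measure_os(expected_os_image)
        self._keys = {}      # file_id -> key; exists only inside the pVM
        self._pending = set()  # challenge nonces not yet consumed

    def store(self, file_id: str, plaintext: bytes) -> bytes:
        """Encrypt under a fresh per-file key; the returned blob is what the host stores."""
        key = secrets.token_bytes(32)
        self._keys[file_id] = key
        nonce = secrets.token_bytes(16)
        return nonce + _keystream_xor(key, nonce, plaintext)

    def challenge(self) -> bytes:
        """Fresh nonce the host must get signed by the attester before opening a file."""
        nonce = secrets.token_bytes(16)
        self._pending.add(nonce)
        return nonce

    def open(self, file_id: str, blob: bytes, nonce: bytes, attestation: bytes) -> Optional[bytes]:
        """Return plaintext only if the attestation is fresh and matches the expected OS."""
        if nonce not in self._pending:
            return None  # stale or replayed challenge
        self._pending.discard(nonce)
        expected = hmac.new(ROOT_KEY, self._expected + nonce, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, attestation):
            return None  # OS measurement differs from the known-good build
        key = self._keys.get(file_id)
        if key is None:
            return None  # file was shredded: ciphertext on the host is now useless
        file_nonce, ciphertext = blob[:16], blob[16:]
        return _keystream_xor(key, file_nonce, ciphertext)

    def shred(self, file_id: str) -> None:
        """Forget the key; the host-side blob becomes unrecoverable even to a later OS compromise."""
        self._keys.pop(file_id, None)


def run_demo() -> dict:
    """Walk through the verified, replayed, tampered-OS and post-shred cases."""
    good_os = b"constructed: known-good OS image"
    bad_os = good_os + b" (tampered)"
    vault = FileVaultVM(good_os)
    blob = vault.store("Download/tax.pdf", b"%PDF constructed secret document")

    n = vault.challenge()
    verified = vault.open("Download/tax.pdf", blob, n, attest_os(good_os, n))
    replay = vault.open("Download/tax.pdf", blob, n, attest_os(good_os, n))
    n = vault.challenge()
    tampered = vault.open("Download/tax.pdf", blob, n, attest_os(bad_os, n))
    vault.shred("Download/tax.pdf")
    n = vault.challenge()
    after_shred = vault.open("Download/tax.pdf", blob, n, attest_os(good_os, n))
    return {"verified": verified, "replay": replay, "tampered": tampered, "after_shred": after_shred}


if __name__ == "__main__":
    for case, result in run_demo().items():
        print(f"{case}: {result!r}")
```

The point the model makes concrete is the one in the post: the host only ever holds ciphertext, the key exists only inside the VM, and the VM's decision to release plaintext hinges on a nonce-bound measurement check, so a compromised OS that changes its measurement gets nothing, a replayed attestation gets nothing, and after `shred` nothing can recover the file even with a valid attestation.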