I'm working on this cold storage concept by developing a plaintext image that has everything needed (Tor, Electrum, what else?), except the user's wallet data. The ISO image would be able to then be customized by the end user by adding his wallet data to the image, and remastering it, but with encryption turned on.
Of course, said master image would need to withstand scrutiny that it doesn't contain malware, won't steal your bitcoins when you boot it, etc. I'm developing it for my own personal use; everyone else will either need to do that themselves, or have some level of trust.
The remastering scripts themselves are simple and easy to check, so as long as you start with an original ISO that you trust, you can trust the output.