Re: [linux-security] Malicious Linux modules (fwd)

Peter Benie (pjb1008@cam.ac.uk)
Fri, 10 Oct 1997 19:07:44 +0100


jem@vistacom.fi writes ("Re: [linux-security] Malicious Linux modules (fwd)"):
>
> > The implications should be obvious. Once a compromise has taken
> > place, nothing can be trusted
>
> If an intruder gains root privileges, he can just as well put a
> modified kernel image on the disk.
>
> > Be afraid. Be very afraid. ;)
> Don't panic.

I've been thinking about this kind of attack for quite a while. I'm
surprised not to have seen it for real.

Booting from a known good image is fairly easy. You put the kernel on
a read-only medium and boot from that. Floppy disk is an ideal
candidate. (The read-only mechanism for floppies is implemented in
hardware so it's fairly safe.) It would be necessary to stop root from
getting access to the CMOS RAM and altering the boot order.

Loading modules lets potentially untrustworthy code into your trusted
environment, so the modules need to be checked first. A possible approach is
to use code signing so the kernel can check that the code really was
compiled by you.

With a known good kernel and modules, it's quite simple to compare
checksums and file attributes of the system files with checksums
stored on read-only media (i.e. install Tripwire).

I've no idea how the module interface works on the newer kernels so I
don't know how easy it would be to modify to allow signing.

Peter
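Added example, not part of Peter's message or of Tripwire: a minimal Tripwire-style integrity check of the kind the message describes. A baseline of SHA-256 digests plus the attributes an intruder typically alters (mode, owner, group, size) is built while the system is known good; the message's point is that this baseline lives on read-only media, which is modelled here as an in-memory dict that the checker treats as trusted. The sample files (`ls`, `ps`, and a module object `kmod.o`) and the tampering applied to them are constructed for the demonstration; the same record check can be run over module object files before they are loaded, which is the hash half of the signing idea above (a real signature over the manifest is still needed to stop an intruder from rewriting the baseline).

```python
"""Tripwire-style baseline and check (constructed example, not Tripwire's code)."""
import hashlib
import os
import stat
import tempfile


def file_record(path):
    """Integrity record for one file: content digest plus the attributes
    an intruder is likely to change (set-uid bits, ownership, size)."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    st = os.lstat(path)
    return {
        "sha256": digest.hexdigest(),
        "mode": stat.S_IMODE(st.st_mode),  # permission bits incl. set-uid/set-gid
        "uid": st.st_uid,
        "gid": st.st_gid,
        "size": st.st_size,
    }


def build_baseline(paths):
    """Record every listed file while the system is known good.
    In real use this dict is written out and stored read-only."""
    return {p: file_record(p) for p in paths}


def check_baseline(baseline):
    """Compare the live filesystem with the trusted baseline.
    Returns {path: [changed fields]} ("missing" if the file is gone)."""
    findings = {}
    for path, expected in baseline.items():
        if not os.path.lexists(path):
            findings[path] = ["missing"]
            continue
        current = file_record(path)
        changed = [k for k in expected if expected[k] != current[k]]
        if changed:
            findings[path] = changed
    return findings


def demo():
    """Build a baseline over constructed files, tamper with them the way a
    trojaned system would, and return the findings keyed by file name."""
    tmp = tempfile.mkdtemp()
    ls = os.path.join(tmp, "ls")
    ps = os.path.join(tmp, "ps")
    mod = os.path.join(tmp, "kmod.o")
    samples = (
        (ls, b"#!/bin/sh\necho ls\n"),
        (ps, b"#!/bin/sh\necho ps\n"),
        (mod, b"\x7fELF constructed module bytes\n"),
    )
    for path, data in samples:
        with open(path, "wb") as fh:
            fh.write(data)
        os.chmod(path, 0o755)

    baseline = build_baseline([ls, ps, mod])
    assert check_baseline(baseline) == {}  # clean system: nothing reported

    # Constructed tampering: same-size content swap (size alone would miss it),
    # a set-uid bit added to a binary, and a module object removed.
    with open(ps, "wb") as fh:
        fh.write(b"#!/bin/sh\necho pz\n")
    os.chmod(ls, 0o4755)
    os.remove(mod)

    return {os.path.basename(p): v for p, v in check_baseline(baseline).items()}


if __name__ == "__main__":
    for name, fields in demo().items():
        print(f"{name}: {', '.join(fields)}")
```

The same-size content swap is why the record carries a digest and not just `stat` output; the set-uid change is why it carries the mode bits and not just the digest. Run as a script it prints one line per altered file.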