> I am no expert in this, but can the boot loader hide/protect the entire Windows partition so that the kernel cannot access it, nor detect its presence?
No, not with current technology. Linux can simply undo whatever the bootloader does.
With eMMC devices, there's a "power-on read-only" lock that makes the device read-only until the next time the MMC controller loses power. If that technology were included in hard disks, something like you describe might be possible.
The eMMC power-on read-only technique was used on the T-Mobile G2 cell phone, stopping rooting of the device by making the kernel and rootfs read-only inside the bootloader, before booting the kernel. It didn't hold out against sustained effort -- someone found a GPIO that the eMMC reset line was hooked up to, wrote a kernel module that pulses the line and reinits the MMC host in read/write mode before the VFS notices that anything changed, and disables the lock. Security is hard.
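
An added example, not part of the original post: an audit of the eMMC EXT_CSD register for the two things the post turns on, whether the power-on lock is actually set and whether the device's reset pin is still usable by the host. The function and flag names are hypothetical, the offsets and masks are taken from the JEDEC eMMC register map, and the caller is assumed to supply the 512-byte EXT_CSD it read from the device.

```c
#include <stdint.h>
#include <stdio.h>

/* EXT_CSD offsets and masks as defined in the JEDEC eMMC register map. */
#define EXT_CSD_RST_N_FUNCTION 162  /* bits 1:0: 0 = not yet set, 1 = enabled, 2 = disabled */
#define EXT_CSD_USER_WP        171
#define EXT_CSD_BOOT_WP        173
#define B_PWR_WP_EN   0x01  /* boot partitions read-only until power is lost */
#define B_PWR_WP_DIS  0x40  /* power-on locking of boot partitions switched off */
#define US_PWR_WP_DIS 0x08  /* power-on locking of user-area groups switched off */

/* Findings returned by audit_power_on_wp(), OR-ed together; 0 means none. */
enum {
    WP_BOOT_NOT_LOCKED    = 1 << 0,
    WP_BOOT_LOCK_DISABLED = 1 << 1,
    WP_USER_LOCK_DISABLED = 1 << 2,
    WP_RESET_PIN_ENABLED  = 1 << 3,  /* a host-driven RST_n pulse reaches the device */
    WP_RESET_PIN_UNSET    = 1 << 4   /* RST_n can still be enabled later by a register write */
};

unsigned audit_power_on_wp(const uint8_t ext_csd[512])
{
    unsigned findings = 0;
    uint8_t boot_wp = ext_csd[EXT_CSD_BOOT_WP];

    if (!(boot_wp & B_PWR_WP_EN))
        findings |= WP_BOOT_NOT_LOCKED;
    if (boot_wp & B_PWR_WP_DIS)
        findings |= WP_BOOT_LOCK_DISABLED;
    if (ext_csd[EXT_CSD_USER_WP] & US_PWR_WP_DIS)
        findings |= WP_USER_LOCK_DISABLED;

    switch (ext_csd[EXT_CSD_RST_N_FUNCTION] & 0x03) {
    case 0x00: findings |= WP_RESET_PIN_UNSET;   break;
    case 0x01: findings |= WP_RESET_PIN_ENABLED; break;
    default:   break;  /* 0x02 = permanently disabled (0x03 is reserved) */
    }
    return findings;
}

int main(void)
{
    uint8_t reg[512] = {0};            /* constructed sample, not a real device dump */
    reg[EXT_CSD_BOOT_WP] = B_PWR_WP_EN;
    reg[EXT_CSD_RST_N_FUNCTION] = 0x01;
    printf("findings: 0x%02x\n", audit_power_on_wp(reg));
    return 0;
}
```

A result of 0 means the boot partitions are locked for this power cycle and RST_n is permanently disabled; the user-area lock is applied per write-protect group and is not visible in these three bytes.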