> Shall root be able to modify the restore image, so that at least root can check that this modified image is not restored because the "boot time protections" work?
> If not, how are you proposing to test things? Create a super-root?

If you needed to modify a restore image, or kernel, or bootloader, you would need to disable the security mechanism. (In a dream world, by a hardware switch, but more likely through some BIOS setting.)
Presumably you'd need to do such dramatic things only infrequently, so the security would be worth the inconvenience.