kernel.org compromised

A Linux Live CD/DVD is a really nice way to inspect your laptop hard disk without having to remove it. Assuming you trust your BIOS to boot from CD when told to, you can be pretty confident that running from a known-good Live CD is safe. You can then use a checksumming tool to verify that the OS files on your hard disk (including the Linux kernel and its modules) match those on the CD. Assuming this all works out, your laptop is now a trusted platform again. For anything where the Live CD mismatches the hard disk, you can move the files from the hard disk aside and replace them with the ones from the Live CD, usually without compromising the usability of the laptop very much.

Of course the usual bootstrap problems apply. How do you get a known-good Live CD given a compromised laptop? How do you get known-good checksums for configuration files and the like that are necessarily configured for your laptop? You can imagine answers to questions like these; ideally, someone would have worked on these answers for common Linux distros, but I'm not aware of much offhand.