As for physical access, well then yes in that case all bet's are off. If you have physical access rather than disable secure boot you should add your own key and run your self-signed malware silently.
Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds