I have an idea in mind, but I'm sure far more skilled people than me are already trying to figure it out :) That is... 64k should be just big enough to write code that will simply 'intercept' syscalls to check the signed code status of a file before running. If the instruction to do that check was removed (patch a noop into RAM?), we'd be getting somewhere...
just a pipe dream :P
