Even on Windows, you can do practically anything with a signed driver.

There's just no such thing as verifying a "secure environment" outside of extremely narrow, controlled scenarios.