This page collects detailed discussion and possible solutions to the problem described here.
Discussion
https://wiki.ubuntu.com/HotplugRaid mentions as a possible improvement to include an (external) possibly jumpered read-only reference medium as a preferred mirror in a /boot raid, and to have it warn about any discrepancies (showing that the internal drive has been tempered with) when you boot from that external drive, possibly re-syncing the internal /boot partition and master boot records (MBR).
calesyto:
Christian, I'm not sure how this would solve the "attack" I've described?