How do desktop Linux distros avoid attackers from rolling back the operating system to a vulnerable, but signed version?