Why bother with a whitelist if “They have so many options to infect and sabotage security that its hopeless to try and stop them.”? What enhancement would the whitelist give under that assumption?
What’s the threat model? What kind of lesser adversary knows about SysRq? Which SysRq commands would a lesser adversary use?