How to protect from CIA #Vault7-like attacks into Linux from Windows
Solution 1:
The only way I see to avoid this scenario is to avoid dual-boot: get rid of Windows. Of course, if you think the CIA can't install malware that will hide in a desktop/laptop Linux system, you're not paranoid enough...
Solution 2:
Learn how make grub work for you, and set it up in order to boot linux distributions that are kept within .iso archives ever time that you boot. Keep your Windoze machine at home and only allow it to talk via direct hard-linked connection, to the linux box that you allow to talk to the internet on each boot, and configure all internet activity remotely, through the linux system that gets initialized each time it gets booted. For those that are hyper-paranoid, make bootable flash drives, that you keep in you pocket, and turn off boot-from-USB, whenever you leave the house, on the linux device. All involved boxes would be password protected, at the BIOS level, of course! ;^)