> Unless you're willing to go full iPhone/Xbox with no third-party hardware or OSes
And even then, you still have the entire 1st party OS attack surface to play with. Which is just _huge_, especially considering this evil maid scenario implies you have a large amount of time with full control of the device itself and all its hardware.
These evil maid scenarios are so academical in nature by now that there is practically no way to defend against them outside academia itself.
Presumably, if you can't touch the bootloader & the device has BitLocker enabled, then you can't even get into the OS unless you either (A) know the user's password, or (B) have an exploit that can be triggered from the lock screen.