
The standard response is that after entering the password the user will notice that the boot fails to complete to the expected Windows instance. In a high security environment this boot failure should immediately be flagged and investigated and the machine considered compromised.


Just chuck up a screen saying "Configuring update for Windows, do not turn off your PC" and reboot 2 minutes later.

There's now no evidence of compromise except a user saying "My computer rebooted unexpectedly, there was a message about Windows update" - hardly something that's going to set alarm bells ringing.


Any failure to get to the expected desktop must be investigated. No exceptions.

If you ignore red flags, yeah, you are going to get owned.

Windows doesn't do that normally, it doesn't reboot after installing updates during the boot. It can only happen if the computer crashes during update install, which again, is rare and a red flag. So it's not like every week you will need to send your computer to investigations during update installs.

But of course, the evil maid can just implant your keyboard.


What if the USB Linux stick loads the NTFS partition and runs the entire Windows OS inside of Hyper-V? Are users supposed to learn VM escape shellcode to check their PC each time? ("You fat-fingered your shellcode? Well you deserve to be owned!")


The TPM machine check would fail in that case and the TPM would refuse to provide the crypto keys to decrypt the copied NTFS partition. That's the whole purpose of Secure Boot, to detect hardware/software changes (including Hyper-V).
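
The TPM check described in the last comment, as an added example that is not part of the thread: a toy measured-boot model in which each boot component is extended into a PCR and a sealed key is released only when the PCR matches its value at sealing time. The component names, the `ToyTPM` class and the key are constructed for illustration; a real TPM enforces the policy in hardware and this is not a real TPM API.

```python
import hashlib
import hmac

PCR_INIT = bytes(32)  # a SHA-256 PCR is all zeros after platform reset

def extend(pcr: bytes, component: bytes) -> bytes:
    """TPM extend operation: new = SHA256(old || SHA256(component))."""
    return hashlib.sha256(pcr + hashlib.sha256(component).digest()).digest()

def measure(chain) -> bytes:
    """Fold an ordered boot chain into one PCR value."""
    pcr = PCR_INIT
    for component in chain:
        pcr = extend(pcr, component)
    return pcr

class ToyTPM:
    """Simplified model: the secret is bound to the PCR value seen at seal time."""
    def __init__(self):
        self.pcr = PCR_INIT
        self._sealed = None

    def boot(self, chain):
        self.pcr = measure(chain)  # reset, then measure every stage in order

    def seal(self, secret: bytes):
        self._sealed = (self.pcr, secret)

    def unseal(self):
        if self._sealed is None:
            return None
        policy, secret = self._sealed
        # Release the key only if the current boot matches the sealed state.
        return secret if hmac.compare_digest(policy, self.pcr) else None

# Constructed boot chains (labels stand in for the measured binaries).
TRUSTED = [b"uefi-firmware", b"windows-bootmgr", b"windows-loader"]
TAMPERED = [b"uefi-firmware", b"usb-linux-loader", b"hypervisor",
            b"windows-bootmgr", b"windows-loader"]

def demo():
    tpm = ToyTPM()
    tpm.boot(TRUSTED)
    tpm.seal(b"volume-key")
    normal = tpm.unseal()
    tpm.boot(TAMPERED)        # extra stages change the PCR value
    under_hypervisor = tpm.unseal()
    tpm.boot(TRUSTED)         # the original chain reproduces the PCR
    restored = tpm.unseal()
    return normal, under_hypervisor, restored

if __name__ == "__main__":
    print(demo())
```

Because each extend hashes over the previous PCR value, inserting, removing or reordering any stage yields a different final value, so the sealed key stays locked.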



