> Unless you're willing to go full iPhone/Xbox with no third-party hardware or OSes
And even then, you still have the entire 1st party OS attack surface to play with. Which is just _huge_, especially considering this evil maid scenario implies you have a large amount of time with full control of the device itself and all its hardware.
These evil maid scenarios are so academic in nature by now that there is practically no way to defend against them outside academia itself.
Presumably, if you can't touch the bootloader & the device has BitLocker enabled, then you can't even get into the OS unless you either (A) know the user's password, or (B) have an exploit that can be triggered from the lock screen.
In the case of the Xbox, you can replace the mainboard with like an RPi and still achieve it quite easily (I'd say budget ~ 100€). That's harder for a smartphone (I'd say budget ~ 2000€). Either way, the budget is still lower than the price of security flaws to circumvent secure boot.
The evil maid will need less time to replace the computer with another one that looks like the original one than to install a Linux distro.