Good question. In the communications world (so this should be quite similar) we can only do this with mathematics, e.g Diffie-Hellman key exchange. I have a hard time seeing how we could do something similar with our puny human brain, hence my first though with the usb dongle before (which of course moves the target to the dongle itself).

The two-passwords scheme is as far as I can tell as susceptible to a simple man in the middle attack as just using a single password (and case in point is the very question that you just asked that uses a MiM attack on the scheme), it proves to the user that the part of the computer doing the logon is not compromised (at least once since it only presents an image, after getting P0 the attacker now have P0 for ever) but it does not prove nor set up a secure communications channel between the user and the logon process of the computer and this is where the attack venue lies.

"I dont understand a security technology; therefore it sucks."

About 10 years ago I was doing some charity work prepping BYOD volunteer laptops for secure usage overseas. Several of them had bootkits on them. That is: there was a virus on Windows, but attempts to remove it would fail / it would come back because the NT bootloader had been infected and would reinstall the active code at boot. Removing them was possible because it was early in the arms race and there were still good removal tools that the bootkit was not designed to counter; today I would expect most removal tools to fail.

These sorts of attacks are juicy to malicious actors because if you get your code running early in the boot chain you can circumvent every protection the kernel can throw at you-- antivirus, hypervisors, disk encryption, all irrelevant. If you want a glimpse of what is possible, check out Kon Boot-- a solution for bypassing windows passwords without touching disk by using a pre-boot attack.

Secure Boot prevents these attacks.

A write only flash ? How useful is that ?

I can sell you a 100Tb write only flash chip for $10 if you are interested. Please contact me if you want some. They don't even have pins, and don't consume any power. It's a wireless write only flash.

Experience already taught us that when we do not understand technology this is used against us...

By the way it is always a Windows problem, and this problem was raised by a M$ employee what incredible coincidence...

In some environments (mine included) you are NOT permitted to allow customs in any country to examine your real data. They can look over the turned-off hardware for bombs, watch you turn it on, let it post, and NOT unlock it, but that's it: any further demands you are obligated to defy at any cost. You are advised to leave your electronics home, buy local replacements while abroad, and destroy those literal "burners" before returning home. At a mimimum phones should be factory reset. If you cannot afford a burnphone and a burn laptop, you cannot afford an airline ticket or thousands of miles worth of gas. An old protocol was a laptop with NO storage, and a non-persistant bootable USB stick or a live CD.

If you do not follow this requirement, you get the choice between letting officials of hostile governments examine your data(which in my world puts people in danger) or having to abandon the hardware to them permanently and hope your encryption key is strong enough to defeat them. The US cannot deny its own citizens re-entry over this, but outbound travel might be a do-over or even a permanent removal of the offending country from future travel plans. If the purpose of your trip is itself arrestable(e.g assisting antiwar saboteurs in Russia), traveling with zero electronics may itself attract dangerous attention. In that case a 3ed set of devices may be needed, you travel with dummies full of plausable fake vacation photos and fake shopping records.Add a few more to them on the trip, they are part of your cover. The "spicier" your mission, the more like a "normal" tourist the fake devices must look.

I would say that with current technology, aka how commodity computers are currently built, there are no way to prevent an evil maid with that kind of resources. The attack scenario of an evil maid that a TPM is secure against is the one that will just try to install something on your computer with say a flash drive. Not some one that can or will perform alterations to the actual hardware that also leave no visible trace.

But let us not fall into a nirvana fallacy here, the kind of evil maid that can perform the hw trick is far and few between, and would be a government agent targeting you or your organization specifically. My best advice in that kind of situation would be to not leave your computer in a hotel room at all

You can't, because none of these fancy scenarios are even needed. Simplest attack on a laptop (known to be used by China's MSS) is a simple inline hardware keylogger. Remove the keyboard and unplug it from the board. Plug the keyboard into the logger and the logger into the board. Close up and you are done. MSS got caught doing this when some businessman on his way back to his hotel room considered a sudden approach by a sex worker suspicious (this tactic normally gets root on the "cishit male" brain) and raced back to his hotel room.

Problem with any software or firmware evil maid is having to predict the system you will be working with. Both desktop and laptop keyboards though use only a few common connectors both inside and out. A sack with a variety of keylogger devices can cover them all

Which can be defeated by applying something on top of the keys, aka you don't have to attack the keyboard controller to read what is being typed. There are even attack venues where a mere listening device can be used since different keys makes different sounds and the time between key pressed can be used to determine which keys where pressed with quite great efficiency. To beat this 100% we would need to have a secure encryption channel all the way between the CPU and our brain, at which point the attack venue changes to performing brain surgery on us when we sleep

Why don't you provide arguments and proofs that AES makes MITMs more difficult? This smells like sealioning.

Secure Boot very plainly works as shown by the need to sign a boot shim or disable secure boot for systems like *BSD or Linux distros. As far as I am aware there are no easy workarounds for this BUT to use a signed shim.

Are they foolproof? Of course not, a signed shim could be used for evil purposes, but the signature for the shim could also be revoked. But it's much more complicated than shoving whatever code into the bootloader, and those attacks it does stop.

It is part of a complete system for securing the boot chain, and if parts of that system are missing you will obviously have attack vectors that bypass things like Secure Boot; maybe thats a really good argument for Linux to start taking seriously the push to secure the boot chain, as Poettering has detailed.

This is not true, there are known attacks on AES. Like secureboot, they're non-trivial; like secureboot, it offers good (but not perfect) security.

The question boils down to a cost-benefit analysis, and the sorts of attacks that secureboot thwarts were absolutely rampant 10 years ago before secureboot became commonplace.