glyf ([personal profile] glyf) wrote in [personal profile] mjg59 2016-01-03 08:46 am (UTC)

I don't understand the threat model around boot security

OS X, Linux, and Windows all have the ability for a privileged user to introduce arbitrary steps into the boot process once the operating system has loaded - launchd plists, systemd units, services. So anybody with write access to your root disk or firmware can do arbitrary evil on a fully boot-verified system, regardless of whether they write to EFI or not.

The security model on Apple hardware seems to be "put an EFI password on your system if you are doing anything seriously confidential on it". Evil maids are thus defended against because the OS has locked the ability to write arbitrary files to the filesystem or firmware, which are roughly equivalent as far as I can tell. Cold booting the system doesn't give you the ability to write arbitrary files to the firmware or boot volume, because the EFI password prevents you from changing the boot volume and the FDE password prevents you from changing the boot volume. So where's the attack that Apple hardware enables and others don't? I don't get it.
