I could not find documentation anywhere online showing how to properly move /boot to external media and install grub correctly for it to work as well as making sure that it in in fact booting from the external media and not defaulting to the version on the hard drive. I may just be using the wrong search terms but nothing related comes up.
I hope to accomplish this on debian.
If I used a CD-R it would protect against evil maid attacks, remotely installed or installed with physical access.
Yes, if you fear physical attacks, miniature hardware keyloggers and/or miniature cameras other kinds of hardware bugs are at risk. Protecting /boot by storing it on an external device would only protect a small subset of less attractive attack vectors. (Nevertheless it is doable, but undocumented.)
Also in theory evil maid attacks are not always physical.
It is a physical attack by definition. By all definitions and use of the term I saw until now. I don't think introduction the confusing term of a virtual evil maid makes sense.
This is correct, but an adversary in that position, having ability from remote over a network rewriting your /boot partition can also rewrite your non-boot partition and then you’re already hosed anyway (infected by a trojan horse) without knowing about it. I don’t see how a clean boot partition would help in such a situation.