Of course, if the OS cannot be trusted, then the photo method won't work anyhow.
How can you be sure that when the bitcoin address was generated, the OS didn't supply a false "random" private key? Perhaps the OS uses a hidden algorithm to provide private keys that appear to be random, but which are actually predictable?
This is why I think a 3-tiered architecture should exist for cold storage.
1) Key generation device: A simple device which takes some entropy and generates a private key / HD wallet. This could do it using coin flips, or with a tamper-proof, trusted RNG. It doesn't have to be a full-fledged computer with an OS.
2) Offline signing device: Used for storing the private keys and signing transactions. This could run on any pre-bitcoin OS as suggested by someone else on this thread, or a modern OS image that you trust. So long as it is air-gapped, the keys shouldn't ever be compromised.
3) Blockchain management device for generating unsigned transactions and transmitting signed transactions to the bitcoin network.
The tricky part is making sure that the signed transaction from device 2 does not contain some kind of hidden encoding of your private key. But that should be unlikely if device 2 isn't compromised with malware.
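
The coin-flip key generation mentioned for device 1, as an added example that is not part of the original post: it turns a recorded string of H/T flips into a 256-bit private key and rejects values outside the valid secp256k1 range. The function names and the von Neumann debiasing step are assumptions of this example; debiasing assumes the flips are independent of each other.

```python
# Added example: derive a private key from manually recorded coin flips.
# No OS random number generator is involved; all entropy comes from the flips.

# Order of the secp256k1 group; a valid private key k satisfies 1 <= k < N.
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141


def von_neumann(flips):
    """Remove bias from independent flips: read them in pairs,
    HT -> 1, TH -> 0, and discard HH / TT pairs."""
    bits = []
    for a, b in zip(flips[0::2], flips[1::2]):
        if a != b:
            bits.append(1 if a == "H" else 0)
    return bits


def key_from_flips(recorded, debias=True):
    """Return a 64-hex-digit private key built from the first 256 usable bits.

    recorded: string of 'H'/'T' characters (whitespace is ignored).
    debias:   apply von Neumann extraction (needs roughly 4x as many flips
              for a fair coin, more for a biased one).
    """
    flips = [c for c in recorded.upper() if not c.isspace()]
    if any(c not in "HT" for c in flips):
        raise ValueError("flips must be recorded as H or T only")
    if debias:
        bits = von_neumann(flips)
    else:
        bits = [1 if c == "H" else 0 for c in flips]
    if len(bits) < 256:
        raise ValueError(f"need 256 bits, only {len(bits)} available; keep flipping")
    k = int("".join(str(b) for b in bits[:256]), 2)
    if not 1 <= k < N:
        # Astronomically unlikely with real flips, but an invalid key must
        # never be used; discard the flips and start over.
        raise ValueError("value outside valid key range; flip again")
    return format(k, "064x")


if __name__ == "__main__":
    # Constructed sample input, for demonstration only. Never use a
    # patterned or published sequence for a real key.
    sample = "TH" * 255 + "HT"
    print(key_from_flips(sample))
```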