[sprkyco]

Typically physical control is deemed as the game ender. If this is proven to be OS executable it will be a major issue. Many of the Adobe, IE, and other high volume exploit vendors codebase zero-day root exploits would allow one to not only gain access at a root level on a machine, but now also at a much lower level. This level would negate the typical benefits of recovering from a root-level "hack" via HDD erasing or Malware Removal tools or any other method available to even tech-savvy people.

[lmz]

It very probably is (on non secure boot systems). The EFI system partition is just a FAT32 partition that can be mounted e.g. using mountvol. The EFI boot options and order are stored in changable variables (see efiboootmgr). Writing this code to ESP and setting it up to run on next boot then chainload windows doesn't sound too hard.