[penwellr]

rickmark here: Sorry no, that's inaccurate. The T2 provides MacEFI.im4 to the Intel processor by emulating a flash controller over eSPI. So by modifying this file, and removing signature checks you can run any payload you like (see the EFI replacement video)

[MuffinFlavored]

So there is some kind of signature defeat involved, correct?

[h0m3us3r]

Yes, sigchecks had to be patched out of the kernel. And yes, it does not persist T2 reboot, but T2 only reboots if you hold power button for 5 sec. MacOS "reboot" does _not_ reboot T2.