[EFruit]

I could expect ONLY the DSP, ONLY the windows-individual portion, maybe 4 or 5 BIOS exploits and maybe 2 or 3 BIOS patches, about the same for Ethernet cards, maybe the CD controller, maybe 1 or two different USB firmware exploits and patches, maybe the entire PSU manipulation logic

but ALL of that? In the BIOS?

(I'd like to point out I am nowhere near the caliber of the man who's supposedly experiencing all of this. I do not know the true size of any of the aforementioned payload.)

[Glyptodon]

With UEFI/EFI it's pretty plausible that you can load additional code at runtime from elsewhere even outside of the large space available for UEFI/EFI itself. Some versions even self contain quick booting minimal environments that contain web browsers and such.