If China had the means to design and manufacture such complex "spy chips" then it would also have been able to manufacture lookalike replacements for legitimate chips on the board such as the BMC chip itself. This would not only have been more difficult to detect (as there are no unexpected additions or changes to the board), but far easier to implement involving fewer people. All that would need to happen is to substitute the bogus chip for the real chip as supplied to the manufacturing factory which could happen anywhere along the supply route, or been done via a "black bag" operation substituting the stock in the warehouse of either factory or supplier. Nobody at any factory need be aware of any changes. No highly difficult modification to the PCB layup (putting a chip between fibreglass layers would require a different and completely non-standard manufacturing process for the PCB - everyone working at the PCB factory would know what's going on).

It simply makes no sense that such a highly complex and detectable method involving scores of people would have been used when a simple component substitution would have done the job far better and cheaper with far less probability of detection and no 3rd parties ever needing to know that it has happened.

