Re: Let's not go overboard with this.
Let's arm-chair-design a recreation of this exploit, and see how close we get to the real thing, after all the facts come out, shall we:
1. Since the BIOS/UEFI is still loaded from an SPI FLASH chip, which is in a very standard form-factor (read: wastefully large blob of plastic around a tiny FLASH chip), it's easy to make an identical package that houses 2 memory areas.
Switch the memory areas after 100 hours of power-on, or after 20 BIOS-loads. Now you have control over the BIOS boot sequence AFTER the board has been tested and installed in location.
2. Next, let's make an USB flash drive, but package it like a USB over-voltage-protector diode package. One of those small ICs that you see hugging the USB bus near the connector, in any properly designed circuit board, protecting the other ICs from your static-electricity-laden fingers.
It'll be the largest over-voltage protector you've ever seen, but it'll still pass inspection.
TVS diodes come in many packages. A government-standard suppressor package may be larger.
Again, activate after 20 power cycles, if (and only if) there is no other device attached to the USB bus.
3. Leverage one of the well-documented standard ways to do a Superfish on the Windows installation.
Scratch that. Just do a proper Superfish after switching the SPI chip memory areas. No need for the USB drive after all. Left as-is for posterity.