
The tech is called Windows Platform Binary Table, WPBT for short.

Here's a random article covering it https://www.howtogeek.com/226308/the-windows-platform-binary...

You can find others by searching for "lenovo wpbt" or "lenovo unremovable crapware".




I just checked on my Dell workstation at work and it seems they are now using this method to load the Lojack anti-theft rootkit. I see the wpbbin.exe file and it's signed by Absolute Software.

I guess that is what the feature is designed for, though.


Many computer manufacturers seem to do this at least. There might be a way to trick the UEFI into thinking that you’re installing a non-Windows OS but I’m not sure.


You got it completely backwards.

UEFI doesn't install anything. It provides a machine-specific binary for Windows to install (intended to ensure that Windows has proper drivers for all the machine’s hardware).

Windows then decides to install this, based on the assumption that OEMs won’t bundle non-critical shit-ware using this method. Which has turned out to be the faulty assumption here.

Either way: Use any other OS except Windows and these UEFI-bundled binaries do nothing. They’re duds.

UEFI doesn’t need to be “tricked” and it can’t force the installation of anything into an OS not wanting it.

It’s really simple, so no need to invent overly complicated threat models.


I think the parent is getting confused because previously Lojack did work as they describe, by injecting its binaries into the filesystem like that. But I guess they have now switched to using this WPBT feature instead.


Oh. That makes much more sense! Thanks for the clarification.


That CD with Stuxnet in autorun.inf doesn't do anything. It's Windows that chooses to load it.


Thanks!



