Seeing the tweet below, I wonder if anyone has done security testing against UEFI’s variables and shell aliases, similar to current attacks against NT, the successor to OS/2, which also has console APIs (and variables).
Like Windows, UEFI also has a command-line shell alias command and API (part of the UEFI Shell protocol). UEFI was created back when the state of the art in systems interfaces from Microsoft was OS/2 1.x, and one of the initial EFI developers had previously done OS/2 1.x console API coding.
https://github.com/tianocore/edk2/blob/master/ShellPkg/Library/UefiShellLevel3CommandsLib/Alias.c
https://en.wikipedia.org/wiki/Alias_(command)#cite_note-EFI-Shells-and-Scripting-3
https://github.com/tianocore/edk2/blob/master/MdePkg/Include/Protocol/Shell.h
http://h17007.www1.hpe.com/docs/iss/proliant_uefi/UEFI_Edgeline_103117/v28070872.html