With BGRT hacking, users can update the OEM boot logo graphic with their own. Apparently this is very popular, there’re a few BGRT posts on this blog that’re consistantly highly-viewed. Here’s a new BGRT tool:
Changes the boot screen image on a UEFI computer. This is a remake of Ben Wang’s windows_custom_loader.efi, the source code of which is long lost. Several incompatiblities with non-Apple UEFI implementations are addressed, and you can now replace the logo without recompiling the whole program.
[…]
Security: Loading untrusted image into memory is dangerous. BGRTInjector only reads the image file from the volume (partition) it lives in, and ESP partition is usually protected under end-user accessible operating systems, so we can assume only a system administrator or a evil maid can load an evil image. Additionally BGRTInjector does some basic sanity checks on the image file, but it is still prone to specially crafted evil images. If you are not signing your own Secure Boot keys, using BGRTInjector means Secure Boot will be unavailable. In Windows loader mode, BGRTInjector does not verify the authenticity of the target bootloader.
Firmware Security 