Why is it a new surface? Either you can run UEFI code, or you can't. Attacking the JS interpreter itself is unrealistic IMHO, it's the poorly written JavaScript running on top of this that might open new surfaces of attack. But other UEFI code is mostly written in C or C++, so let's call that a wash?
It's just a silly experiment; the real endgame is to make a bootloader that is customisable using HTML/CSS/JS
Since PDFs can contain JS, presumably that should be the preferred way of modifying your boot loader.
Yeah that's the natural next step, I'll work on that next
Why not?
Because this can end very badly. It is a new surface to attack
Exactly! It's actually great! More ways to jailbreak stuff.
Why is it a new surface? Either you can run UEFI code, or you can't. Attacking the JS interpreter itself is unrealistic IMHO, it's the poorly written JavaScript running on top of this that might open new surfaces of attack. But other UEFI code is mostly written in C or C++, so let's call that a wash?
Maybe? What's your threat model?