What are the broader implications when it comes to access, security, vulnerabilities, etc?
ITT:
ELI5ELIPhDI’m not sure I completely understand the question.
But vendor / custom UEFI implementations could obviously pass around whatever structures they want.
The EFI RUNTIME services - for example - could expose custom functions in a proprietary UEFI implementation. Though in my experience this usually is not the case.
Grub should run as an EFI bootloader binary after core UEFI is done. Afaik there is no particular ring / exception level required here. It could vary depending on UEFI implantation.
on android arm32/64 devices I obviously don’t see grub, but core EFI handles and services are not modified much. If anything it’s just expanded to support the next bootloader stage and handle stuff like key combos to select next boot image