I would hope that the skill level of those who use mini-PC’s for use-cases other than pure aesthetic would be able to nuke both partitions and start afresh anyway, sidestepping this type of shithousery.

For sure, but what if it were a UEFI-embedded rootkit? Even Lenovo had those back in the day. And these days, with LogoFAIL vulnerable firmware still out in the wild, anyone in the supply chain could embed a malware in the UEFI (assuming that new boxes are still being shipped with vulnerable firmware, which, I won’t be surprised if they were, as most of these small time vendors are pretty bad at pushing firmware updates).