I'm interessted if anyone know some way to may reverse engineer which bcd-entries get checked within winload.exe. It's more about what may else is possible? E.g. Code: bcdedit /set {globalsettings} custom:16000067 true removes the Bootlogo from Win8 (at least with BIOS mode, UEFI Unknown) but this entrie is undocumented and was kind of reverse engineer by me, but the initial input was from some Windows Embedded Tool/Component/Package. So it was kind of public/provided. There are a couple of other custom entries... and with some brute-force script I was able to destroy the system (only black screen in the end).
only for the record: Winaero (hb860) created the tool based on my script. And I still could need someone who is able to manipulate 1 (kernel-)protected registry key OR can manipulate the loaded ram data (don't know if possible in any way) - the best way would be some kind of rootkit. It's tricky but worth it and so on --> No more activation, no limitations.