Regardless, it should be possible for the third party loader to claim to be "Windows Boot Manager".
I can't imagine that there would be any cryptographic verification that the boot loader is actually "Windows Boot Manager". This is because the crypto logic is essential to check that the binary is signed by a trusted key. This process would happen before the UEFI thinks about entering the boot loader. It would also not make sense for the crypto section to make any associations between the keys and who signed them (apart from giving the user information).
Still, it seems like a bad spec to create special cases for named hardware. Hopefully, we will arrive at a standard where the OS can signal if the feature should be disabled, or make it a toggleable setting (which, from what I understand of UEFI, the OS can toggle). Unfortunately, depending on how strict MS is with their certification standards, this would prevent the computers from being certified.
It's entirely possible to do that, but that's a string that's (often) visible to the user. Now I'd have to remember which "Windows Boot Manager" is Windows and which is Linux.
This is a perfect example of why I don't want UEFI; I spent a long time learning how to do all of this in GRUB, and now they are putting these basic features in the firmware where they belong. Get off my lawn.
Anyway, if this is a problem, you should still be able to use a bootloader to provide the selection menu. I think it should be possible for this bootloader to leverage UEFI to avoid increasing the boot time noticeably. But I do agree that hardcoding names like "Windows Boot Manager" is horrible spec design (and maybe grounds for an anti-trust suit?).
I think I am more open to this type of workaround because I already have set up similar systems on my computer. For example, Java does not play nice with window managers that do not re-parent. This caused a problem in Sun's window manager "LG3D", which was non-re-parenting, so they hardcoded a special case for LG3D so things would work. So now, if software asks, I am running LG3D.
You can also look through the Linux kernel device drivers for many special cases.