I took an action last week to provide a block of text for how platforms without persistent variable storage should behave. Here's my opening play:
Boot manager behaviour without persistent variable store =======================================================
Platforms that do not implement persistent variable storage must support the Removable Media Boot Behaviour as described by UEFI.
Such platforms can additionally implement support for additional statically[1] defined images to be processed as SysPrep####, Driver#### and Boot### global variable entries. If present, these entries will be processed in the order specified by corresponding statically defined SysPrepOrder, DriverOrder and BootOrder global variables.
Any images referred to by such variables must reside in a vendor-specific subdirectory on the EFI System Partition, as recorded in http://uefi.org/registry. /BOOT must not be used except where explicitly permitted by UEFI.
Where an executable is present in the prescribed Removable Media location, boot of that must be attempted, and only after this fails should any of the Boot#### entries be processed.
Statically configured BootNext, OsRecovery#### or PlatformRecovery#### entries must not be used.
[1] This is worth discussing, but if we were to support dynamic creation of these, we need _very_ strict rules around it.