Writing UEFI Variable on Windows 10 IoT Core

What are my options for writing a UEFI variable in Windows 10 IoT Core? I currently have a UWP app that runs in the default user account that needs to set a UEFI variable.

• There are capabilities to have UWP apps read and write UEFI variables, as described here . This sounds good until you look at the documentation for SetFirmwareEnvironmentVariableW(), where it also says the UWP application needs to run from an administrator account. I have read that UWP can only run in the default account on IoT Core; if that's true, these capabilities are non-starters.
• Another piece of the system design incorporates a UMDF 2 driver. This driver runs in the local service account, and I can communicate with it via IOCTLs from the UWP app. This does have sufficient privilege to read UEFI variables, but as documented for SetFirmwareEnvironmentVariableW(), the UMDF driver cannot write UEFI variables. The attempt will fail, and GetLastError() will return 0x522, ERROR_PRIVILEGE_NOT_HELD.
• There's the possibility of adding a KMDF driver, which could call ExSetFirmwareEnvironmentVariable(). The caller would also need SE_SYSTEM_ENVIRONMENT_PRIVILEGE, but perhaps within a kernel driver there would be a way to elevate the privilege as needed to accomplish this task.

Are there other possibilities I should investigate?

Thanks,
Dave