So the hack will be getting to the maintenance laptop. From there an infected loading program will bypass the (hacked) chip security and push the trojaned firmware into the targeted LRU. That's how Stuxnet got its payload into Iranian centrifuge PLCs. Nobody actually had to sneak into the plant and gain physical access. When a firmware update is issued by the manufacturer, someone will slip their hack into that process.

Back when I was at Boeing, the ATE (Automated Test Equipment) people switched from HP-UX systems to Windows. One of the sales pitches our IT people made was that the shop floor techs could access their Outlook e-mail on the ATE consoles while not running tests. There is no faster way to infect a PC than that.