WoA (Windows on ARM) platforms use UEFI+ACPI for booting Windows, however on Qualcomm-bssed platforms the ACPI tables were found to be not suitable for Linux because of the heave PEP usage. For those platforms we provide DTS files in the Linux kernel tree. The bootloader chain needs to load corresponding DTB file before transferring control to Linux. On Lenovo X13s the DTB can be loaded by the UEFI, other laptops and devkits require additional steps in the bootloader chain.

One of the obvious ways to do it is GRUB (or any other bootloader). However in the past GRUB developers pointed out that this doesn't play well with the SecureBoot.

In the past @robclark has developed special application, DtbLoader, later it was reworked by @TravMurav. This app uses DMI ids to select and load the DTB. However this doesn't play well with the distributions and SecureBoot. Distro's shim is set up to load the grub binary, so additional dirty tricks are required.

Does it make sense to integrate a part of such functionality into the shim loader itself? This way we can load the DTB (if required and if it exists) in a standard way, verify the signature against MOK or distro key and then pass control to the next bootloader in a standard way, saving us from all the troubles.