I outlined an idea that would actually make distribution of SecureBoot-signed bootloader files much easier:
