Bug report instead of feature request because it used to work until https://git.archlinux.org/svntogit/packages.git/commit/?h=packages/prebootloader&id=88bac02c2d44724a4684b06aa38e0add11161cd7

Ideally, if somebody could get to ping Jejb for updated signed binaries it would be best.
Another alternative (as mentioned on Arch Wiki) is Fedora shim, but I haven't tested this directly and I wouldn't know whether it offers a worse or better OOTB experience.

This issue is getting more and more severe with time, since (putting aside 99% of computers are sold with SB enabled by default), W10 certification requirements dropped the "can be disabled" criteria and most OEMs are getting quite lazy.