Hello lovely gentlemen, before I get going here I want to say a huge THANK YOU for selflessly automating so many good ideas in one place.
I’ve been unceremoniously digging into your wiki and general documentation, beginning (of course!) with a paradigm of Self Help 
I’m in the process of migrating from GRUB to Systemd-Boot (formerly Gummiboot) and while the port has gone well, the kernel flag:
efi=disable_early_pci_dma
Works in GRUB, but prevents booting in systemd-boot. Before I go blaming Mr. Poettering for his crimes against humanity (I jest) I wonder if the very intelligent people in this community - with years more experience in this platform than I - may have any thoughts on why this might be.
Thank you very much for any insight, time, or just your thoughts.
PS: If you have any thoughts on UKI (Unified Kernel Images) and TPM bindings, I think I have a working layout but if perhaps there are gotchas to consider, or - and this is my greater fear - by switchinig out GRUB I may remove some hardening you have provided, I would certainly like to maintain all of that, and I would love a heads-up if I have wandered into a security minefield in my experimentations. Thanks.