diff --git a/pkgs/by-name/qe/qebspil/package.nix b/pkgs/by-name/qe/qebspil/package.nix
new file mode 100644
index 0000000..c7fef09
--- /dev/null
+++ b/pkgs/by-name/qe/qebspil/package.nix
@@ -0,0 +1,66 @@
+{
+  lib,
+  stdenv,
+  fetchFromGitHub,
+  gnumake,
+  dtc,
+  glibc,
+}:
+
+stdenv.mkDerivation rec {
+  pname = "qebspil";
+  version = "unstable-2025-10-25";
+
+  src = fetchFromGitHub {
+    owner = "stephan-gh";
+    repo = "qebspil";
+    rev = "8e4d9e676a3b3afe136cda9b953a2139ff1a32d0";
+    hash = "sha256-kWUXzeYWNxGgmjt/p9yozrWc5ouUs0XXBRfiFMlu+QQ=";
+    fetchSubmodules = true;
+  };
+
+  nativeBuildInputs = [
+    gnumake
+    dtc
+  ];
+
+  preBuild = ''
+    # Create a symlink to glibc's elf.h for gnu-efi
+    mkdir -p external/gnu-efi/inc/sys
+    ln -sf ${glibc.dev}/include/elf.h external/gnu-efi/inc/sys/elf.h
+
+    # Set up build environment
+    export SRCDIR=$PWD
+    export OUTDIR=$PWD/out
+  '';
+
+  makeFlags = [
+    "QEBSPIL_ALWAYS_START=1"
+    "CROSS_COMPILE="
+    "ARCH=aarch64"
+  ];
+
+  enableParallelBuilding = true;
+
+  installPhase = ''
+    runHook preInstall
+
+    # Install the EFI binary
+    mkdir -p $out/share/efi
+    cp out/qebspilaa64.efi $out/share/efi/
+
+    # Also create a symlink in a more standard location
+    mkdir -p $out/lib/systemd/boot/efi
+    ln -s $out/share/efi/qebspilaa64.efi $out/lib/systemd/boot/efi/qebspilaa64.efi
+
+    runHook postInstall
+  '';
+
+  meta = with lib; {
+    description = "UEFI boot driver to start co-processors on Qualcomm platforms late during the boot process";
+    homepage = "https://github.com/stephan-gh/qebspil";
+    license = licenses.gpl2Only;
+    platforms = [ "aarch64-linux" ];
+    mainProgram = "qebspilaa64.efi";
+  };
+}
diff --git a/pkgs/by-name/sl/slbounce/package.nix b/pkgs/by-name/sl/slbounce/package.nix
new file mode 100644
index 0000000..fdaca34
--- /dev/null
+++ b/pkgs/by-name/sl/slbounce/package.nix
@@ -0,0 +1,101 @@
+{
+  lib,
+  stdenv,
+  fetchzip,
+  fetchgit,
+  fetchFromGitHub,
+  buildPackages,
+  dtc,
+}:
+
+let
+  aarch64-system-register-xmls = fetchzip {
+    url = "https://developer.arm.com/-/media/developer/products/architecture/armv8-a-architecture/2020-06/SysReg_xml_v86A-2020-06.tar.gz";
+    stripRoot = false;
+    hash = "sha256-wpWMIdR4v4sGZ0FEn/j5+AzkpPFOF7lUKIFpVl5AMEE=";
+  };
+
+  arm64-sysreg-lib = stdenv.mkDerivation {
+    name = "arm64-sysreg-lib";
+    src = fetchFromGitHub {
+      owner = "ashwio";
+      repo = "arm64-sysreg-lib";
+      sparseCheckout = [ "/" ];
+      rev = "d421e249a026f6f14653cb6f9c4edd8c5d898595";
+      hash = "sha256-vUuV8eddYAdwXGQe+L7lKiAwyqHPYmiOdVFKvwCMWkQ=";
+    };
+    nativeBuildInputs = [
+      (buildPackages.python3.withPackages (ps: [ ps.beautifulsoup4 ]))
+    ];
+    buildPhase = ''
+      python ./run-build.py ${aarch64-system-register-xmls}/SysReg_xml_v86A-2020-06
+    '';
+    installPhase = ''
+      mkdir -p $out/include
+      cp -r include $out/
+    '';
+  };
+
+  gnu-efi = fetchFromGitHub {
+    owner = "ncroxon";
+    repo = "gnu-efi";
+    rev = "3.0.15";
+    hash = "sha256-flQJIRPKd0geQRAtJSu4vravJG0lTB6BfeIqpUM5P2I=";
+  };
+
+  dtc-src = fetchgit {
+    url = "https://git.kernel.org/pub/scm/utils/dtc/dtc.git";
+    rev = "v1.7.2";
+    hash = "sha256-KZCzrvdWd6zfQHppjyp4XzqNCfH2UnuRneu+BNIRVAY=";
+  };
+
+in
+stdenv.mkDerivation (finalAttrs: {
+  pname = "slbounce";
+  version = "5";
+
+  src = fetchFromGitHub {
+    owner = "TravMurav";
+    repo = "slbounce";
+    tag = "v${finalAttrs.version}";
+    hash = "sha256-w+0SKR0A/hcFU6iFEOgyG+vWwgAWF8h9D0/X7GSFm7w=";
+  };
+
+  nativeBuildInputs = [ dtc ];
+
+  postPatch = ''
+    rmdir external/{arm64-sysreg-lib,dtc}
+    ln -s ${arm64-sysreg-lib} external/arm64-sysreg-lib
+    ln -s ${dtc-src} external/dtc
+
+    cp -r ${gnu-efi}/* external/gnu-efi/
+    chmod -R u+w external/gnu-efi
+  '';
+
+  makeFlags = [
+    "CROSS_COMPILE=${stdenv.cc.targetPrefix}"
+    # Force EL2 switch regardless of DTB detection
+    # Without this, slbounce checks for 'dtbhack-el2-overlay' in DTB
+    "SLBOUNCE_ALWAYS_SWITCH=1"
+    # Enable debug output
+    "DEBUG=1"
+    "all"
+  ];
+
+  installPhase = ''
+    mkdir -p $out/share/slbounce
+    cp out/*.efi $out/share/slbounce/
+
+    # Also build and install DTB overlays
+    make dtbs || true
+    mkdir -p $out/share/slbounce/dtbo
+    cp out/dtbo/*.dtbo $out/share/slbounce/dtbo/ 2>/dev/null || true
+  '';
+
+  meta = with lib; {
+    description = "EL2 (hypervisor mode) enabler for Qualcomm Windows-on-ARM devices";
+    homepage = "https://github.com/TravMurav/slbounce";
+    license = licenses.gpl2Only;
+    platforms = [ "aarch64-linux" ];
+  };
+})
diff --git a/pkgs/by-name/tc/tcblaunch/package.nix b/pkgs/by-name/tc/tcblaunch/package.nix
new file mode 100644
index 0000000..b41bc80
--- /dev/null
+++ b/pkgs/by-name/tc/tcblaunch/package.nix
@@ -0,0 +1,96 @@
+{
+  lib,
+  stdenvNoCC,
+  stdenv,
+  p7zip,
+  curl,
+  jq,
+  cacert,
+}:
+
+let
+  version = "22621.6060";
+  # Fixed-Output Derivation to fetch winre.wim from Microsoft CDN via UUPDump API
+  winre-wim = stdenvNoCC.mkDerivation {
+    pname = "winre-wim";
+    inherit version;
+    nativeBuildInputs = [
+      curl
+      jq
+      cacert
+    ];
+
+    UUP_ID = "b90029a9-23b4-4558-9687-2142f79e5ae2";
+
+    dontUnpack = true;
+
+    buildPhase = ''
+      runHook preBuild
+
+      echo "Querying UUPDump API for winre.wim..."
+      WINRE_URL=$(curl -s "https://api.uupdump.net/get.php?id=$UUP_ID" | jq -r '.response.files["winre.wim"].url')
+
+      if [[ -z "$WINRE_URL" || "$WINRE_URL" == "null" ]]; then
+        echo "ERROR: Failed to get winre.wim URL from UUPDump API"
+        exit 1
+      fi
+
+      echo "Downloading winre.wim from: $WINRE_URL"
+      curl -L -o winre.wim "$WINRE_URL"
+
+      runHook postBuild
+    '';
+
+    installPhase = ''
+      runHook preInstall
+      cp winre.wim "$out"
+      runHook postInstall
+    '';
+
+    outputHashMode = "flat";
+    outputHashAlgo = "sha256";
+    outputHash = "sha256-jEBM0ZXEqe7HEjbpQdWNumWH5/KmCuGnIcIlFGN3W6g=";
+
+    SSL_CERT_FILE = "${cacert}/etc/ssl/certs/ca-bundle.crt";
+  };
+in
+stdenv.mkDerivation rec {
+  pname = "tcblaunch";
+  inherit version;
+  src = winre-wim;
+
+  nativeBuildInputs = [ p7zip ];
+
+  dontUnpack = true;
+
+  buildPhase = ''
+    runHook preBuild
+    echo "Extracting tcblaunch.exe from winre.wim..."
+    mkdir -p extracted
+    7z e "$src" -oextracted 'Windows/System32/tcblaunch.exe' -y
+    if [[ ! -f "extracted/tcblaunch.exe" ]]; then
+      echo "ERROR: tcblaunch.exe was not extracted"
+      exit 1
+    fi
+    ls -lh extracted/tcblaunch.exe
+    runHook postBuild
+  '';
+
+  installPhase = ''
+    runHook preInstall
+    mkdir -p "$out/share/tcblaunch"
+    cp extracted/tcblaunch.exe "$out/share/tcblaunch/tcblaunch.exe"
+    chmod 644 "$out/share/tcblaunch/tcblaunch.exe"
+    runHook postInstall
+  '';
+
+  meta = {
+    description = "Microsoft tcblaunch.exe for Qualcomm Secure Launch (required by slbounce)";
+    homepage = "https://github.com/TravMurav/slbounce";
+    license = lib.licenses.unfree;
+    platforms = [
+      "aarch64-linux"
+      "x86_64-linux"
+    ];
+  };
+}