On an unlocked device the kernel’s signature isn’t checked, so you can just flash a custom kernel as you wish.
That’s exactly what is happening when flashing Magisk or TWRP (using the twrp-installer) to the device.
They both modify the boot partition.
Installing Magisk actually disables verity so you can modify the system/vendor partitions without breaking it.
Regarding EDL, you would typically need a manufacturer-signed firehose programmer.
This is basically sbl1 with the added implementation of the firehose protocol.
The certificate chain used for verifying sbl1 is apparently using test certificates?!:
Subject: C = US, ST = California, L = San Diego, OU = General Use Test Key (for testing 13 only), OU = CDMA Technologies, O = QUALCOMM, CN = QCT Root CA 1
Subject: C = US, ST = CA, L = San Diego, OU = CDMA Technologies, O = QUALCOMM, CN = QUALCOMM Attestation CA
Subject: C = US, CN = SecTools Test User, L = SANDIEGO, O = SecTools, ST = CA, OU = 01 0000000000000000 SW_ID, OU = 02 000BA0E100000000 HW_ID, OU = 04 0000 OEM_ID, OU = 05 00000168 SW_SIZE, OU = 06 0000 MODEL_ID, OU = 07 0001 SHA256, OU = 03 0000000000000002 DEBUG
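An added example, not part of the original post: a small Python audit that parses the three subject lines quoted above, pulls out the `index value NAME` fields packed into the leaf certificate's OU attributes, and flags attributes that mention a test key. The function names and the "contains the word test" heuristic are assumptions made for this illustration, and no meaning is assigned to the field values beyond what the subjects show.

```python
import re

# Subject lines exactly as quoted in the post (openssl-style "K = V, K = V" text).
SUBJECTS = [
    "C = US, ST = California, L = San Diego, OU = General Use Test Key (for testing 13 only), OU = CDMA Technologies, O = QUALCOMM, CN = QCT Root CA 1",
    "C = US, ST = CA, L = San Diego, OU = CDMA Technologies, O = QUALCOMM, CN = QUALCOMM Attestation CA",
    "C = US, CN = SecTools Test User, L = SANDIEGO, O = SecTools, ST = CA, OU = 01 0000000000000000 SW_ID, OU = 02 000BA0E100000000 HW_ID, OU = 04 0000 OEM_ID, OU = 05 00000168 SW_SIZE, OU = 06 0000 MODEL_ID, OU = 07 0001 SHA256, OU = 03 0000000000000002 DEBUG",
]

# OU values shaped like "02 000BA0E100000000 HW_ID": index, hex value, field name.
OU_FIELD = re.compile(r"^([0-9A-Fa-f]{2}) ([0-9A-Fa-f]+) ([A-Z0-9_]+)$")


def parse_subject(subject):
    """Split a subject string into (attribute, value) pairs, keeping repeated OUs."""
    parts = re.split(r",\s*(?=[A-Za-z]+ = )", subject)
    return [tuple(p.split(" = ", 1)) for p in parts]


def signing_fields(subject):
    """Return {NAME: (index, hex_value)} for the structured OU attributes."""
    fields = {}
    for attr, value in parse_subject(subject):
        m = OU_FIELD.match(value) if attr == "OU" else None
        if m:
            fields[m.group(3)] = (m.group(1), m.group(2))
    return fields


def find_test_markers(subject):
    """Heuristic (assumption): attribute values that contain the word 'test'."""
    return [v for _, v in parse_subject(subject) if re.search(r"\btest", v, re.I)]


def audit_chain(subjects):
    """Summarise each certificate: CN, test-key markers, structured OU fields."""
    return [{"cn": dict(parse_subject(s)).get("CN"),
             "markers": find_test_markers(s),
             "fields": signing_fields(s)} for s in subjects]


if __name__ == "__main__":
    for entry in audit_chain(SUBJECTS):
        print(entry["cn"], "| test markers:", entry["markers"] or "none")
        for name, (idx, value) in sorted(entry["fields"].items(), key=lambda kv: kv[1][0]):
            print(f"    {idx} {name} = 0x{value}")
```

To check another device, replace `SUBJECTS` with the subject lines of the certificates extracted from its own signed image.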