Inspired by a question from @thisismissem.social, I wrote up a document describing how to apply DPoP (RFC9449) to the OAuth Device Flow (RFC8628).
https://datatracker.ietf.org/doc/draft-parecki-oauth-dpop-device-flow/
https://datatracker.ietf.org/doc/draft-parecki-oauth-dpop-device-flow/