Suggest notto go that route. Secure Boot is well thought out on x86 PC architeccture and PC UEFI boot process. ARM deviate from that quite a bit. See uboot discussions in https://cryptotronix.com/cryptocape-tpm/ I.e., holes in several places.