Suggest not to go that route.
Secure Boot is well thought out on the x86 PC architecture and the PC UEFI boot process.
ARM deviates from that quite a bit. See the uboot discussions in https://cryptotronix.com/cryptocape-tpm/

I.e., holes in several places.