I fail to see how secure boot is worse than nothing. I don't need to even begin to think about supply chain attacks when the hardware in my house doesn't have trust between its components.
Read it again. I'm saying your concern of supply chain attacks on secure-boot and TPM are like worrying about the ash on your shirt while your house burns down. It's far easier to pwn a system with pre-boot injections on a system without signatures than one with them. Don't like where the signatures come from? Fine. That doesn't make the system have some mysterious backdoor or do whatever sensational magic someone told you it does.
