If it isn't hard to implement why does no Linux distro besides bottlerocket (specialized for use on AWS and other cloud services) Android and ChromeOS do it?
Debian, Ubuntu, Red Hat, Fedora, Suse, Arch, Gentoo, and Slackware all support secureboot. After that I got tired of looking up linux distributions, so there are likely more.
That's not part of secureboot's remit, but distros who do it are generally referred to as 'immutable distros'. Fedora Silverblue, CarbonOS, NixOS, GUIX, Endless OS, and Vanilla OS are a few.
None of the distros you list verifies the software installed by the package manager (except sometimes the kernel and the initrd) at boot time and refuses to finish the boot process if the verification fails. I guess an argument can be made that immutability would make it easier to achieve such a "verified boot process", but none of the distros you list has done the work.
Also, Silverblue's home page does not even list "secure" or "security" as one of the benefits of Silverblue. (They list reliable, atomic, the ability to revert the system, containerized, developer-friendly, no ads, "all your data belongs to you", and open-source.)
