When you can figure out how to setup a foss secure boot implementation with verified boot, then maybe I'll consider your input on bootloader security worth considering.
Until then, I don't think it makes sense to continue this discussion. I assume you'll claim it isn't possible, but anyone who expends the slightest effort will see how far from reality that is.
Tommy, is that you? https://forum.qubes-os.org/t/discussion-on-purism/2627/146