When you can figure out how to set up a FOSS secure boot implementation with verified boot, then maybe I'll consider your input on bootloader security worth considering.
Until then, I don't think it makes sense to continue this discussion. I assume you'll claim it isn't possible, but anyone who expends the slightest effort will see how far from reality that is.