Windows 12 will close the loophole: your CPU will require a signed code path from boot down to application level code. No option to disable Secure Boot or install your own keys. But there needs to be an installed base of secure hardware for this to happen, hence the TPM 2.0 requirements for Windows 11.

Since Windows 12 hasn't even been mentioned yet, I wouldn't worry about what you're describing at all.