Consider arch-secure-boot

[petRUShka]

There is arch-secure-boot:

Highly opinionated setup that provides minimal Secure Boot for Arch Linux, and a few recovery tools.

According to Arch wiki:

Secure Boot is a feature of UEFI that allows authentication of the files your computer boots. This helps preventing some evil maid attacks such as replacing files inside the boot partition. Normally computers come with keys that are enrolled by vendors (OEM). However these can be removed and allow the computer to enter Setup Mode which allows the user to enroll and manage their own keys.

[pigmonkey]

If I had a computer running coreboot, I may be interested in this. But as long as my computer runs a proprietary UEFI, Secure Boot just seems like a lot of hassle for not much gain.