Nope, I'd skip all that foolishness if I were designing a Free Software friendly firmware. It is this this simple:
Boot into the firmware with the install media inserted in the optical drive or USB port. Pick an option that says "I want to install from this media." It gives a warning asking if you trust this media abd then it looks on the media for a well publicised filename containing a public key and imports that to it's trusted key store and then proceeds to boot the signed installer.
That is simple, safe and allows any Linux distro to enjoy the benefits of secure booting without any centralized key authority beyond the distro's key management to add remove keys post install. So you would still need a method to add/revoke keys from within a secure OS.