The linked issue does shed some light on this matter. If it’s to be done at all, it should be good, rather than security theater.
We were discussing something similar during the Qubes summit 2024 hackathon in regard to Secure Boot support - unless there’s a good handling of lockdown in Xen, and other tweaks to support the Microsoft requirements, a mere checking off of some points in a list won’t make the thing reasonably secure.
For instance, a lot of information can be deduced that a mere mortal like me can’t even imagine, and a healthy amount of humbleness does help with considering that.
What I can deduce is something that gets printed from tools that others wrote, and they likely don’t account for everything out there, especially with how tracking methods get better and better. See a sneak peek here (I recommend reading that whole thread).