Why should I disable secure boot (other distros don't require this)

You could do this right now with Clear Linux. The process would be that you would need to sign the first-stage bootloader, or the shim as we refer to it internally. It is located at /boot/EFI/org.clearlinux/tooloaderx64.efi and you would have to use sudo systemctl start boot.mount to get to that file.

However, at some point in the future we will sign this shim to support secure boot and a swupd update will replace that file. You would have to re-sign that file and ensure the verification keys are in UEFI firmware. It is not a file that changes very often, but if it did then swupd would replace it. This is not a process we support but it should work. There are guides online that would give you clues on how exactly to do this. Like I said, though, it is not something we support.

2 Likes
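The re-signing step described in the post above can be automated so it runs only when swupd has actually replaced the file. This is an added example, not code from the post or from the Clear Linux project. It assumes sbsigntools (`sbsign`, `sbverify`) is installed and that the certificate is already enrolled in the firmware's signature database; the key, certificate and state-file paths are hypothetical.

```shell
#!/bin/sh
# Added example: re-sign the first-stage bootloader only when its content
# differs from the binary that was last signed (e.g. after a swupd update).
set -u

SHIM="${SHIM:-/boot/EFI/org.clearlinux/tooloaderx64.efi}"  # path as given in the post
KEY="${KEY:-/root/sb/db.key}"       # hypothetical: private signing key (keep off the ESP)
CERT="${CERT:-/root/sb/db.crt}"     # hypothetical: certificate enrolled in UEFI firmware
STATE="${STATE:-/var/lib/shim-resign/last.sha256}"  # hypothetical state file

# Print the SHA-256 of a file as a bare hex string.
file_hash() { sha256sum "$1" | cut -d' ' -f1; }

# Exit status 0 when the file has never been signed by this script or has
# changed since; 1 when it still matches the recorded hash.
needs_resign() {
    [ -f "$2" ] || return 0
    [ "$(file_hash "$1")" != "$(cat "$2")" ]
}

# Remember the hash of the binary as it is now (after signing).
record_signed() {
    mkdir -p "$(dirname "$2")"
    file_hash "$1" > "$2"
}

resign_shim() {
    systemctl start boot.mount || return 1
    [ -f "$SHIM" ] || { echo "missing: $SHIM" >&2; return 1; }
    if ! needs_resign "$SHIM" "$STATE"; then
        echo "bootloader unchanged since last signing"
        return 0
    fi
    # Sign into a temporary file and verify it against the certificate
    # before touching the live bootloader.
    tmp="$SHIM.signed.$$"
    sbsign --key "$KEY" --cert "$CERT" --output "$tmp" "$SHIM" \
        || { rm -f "$tmp"; return 1; }
    sbverify --cert "$CERT" "$tmp" || { rm -f "$tmp"; return 1; }
    mv "$tmp" "$SHIM" && record_signed "$SHIM" "$STATE"
}

# Only touch the system when asked to explicitly: ./resign.sh --run (as root)
if [ "${1:-}" = "--run" ]; then resign_shim; fi
```

Running it after each swupd update, before the next reboot, keeps a replaced and therefore unsigned bootloader from failing verification at boot.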