Sorry, SecureBoot is implemented in the very firmware you can own when WP is busted... so Windows will happily believe all is good. That's the point of these types of vulnerabilities.
The TPM point would be valid if you actually manually configured which PCRs will cause BitLocker and remote attestation to fail. By default the firmware ones are NOT set up this way. Even if they were, if the attacker knew the expected measurements (from the original firmware), TPM has no signing on measurements and therefore you could fake the old numbers by self measuring.
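The self-measurement argument above, as an added example that is not part of the original comment: a simplified model of a SHA-256 PCR extend showing that the TPM records whatever digest the measuring code hands it. The firmware images are constructed sample bytes, the function names are hypothetical, and a single extend into PCR 0 stands in for the full event log.

```python
import hashlib
import hmac

PCR_RESET = bytes(32)  # SHA-256 bank PCR value after platform reset

# Constructed sample inputs, not real firmware images.
ORIGINAL_FW = b"constructed sample: original firmware image"
MODIFIED_FW = b"constructed sample: modified firmware image"


def digest(image: bytes) -> bytes:
    """Measurement of an image: its SHA-256 hash."""
    return hashlib.sha256(image).digest()


def extend(pcr: bytes, measurement: bytes) -> bytes:
    """TPM extend: new PCR = SHA-256(old PCR || measurement).
    The TPM never sees the image, only the digest it is given."""
    return hashlib.sha256(pcr + measurement).digest()


def honest_boot(running_image: bytes) -> bytes:
    """Measuring code hashes the image that is actually running."""
    return extend(PCR_RESET, digest(running_image))


def self_measuring_boot(running_image: bytes, claimed: bytes) -> bytes:
    """The running image is also the code doing the measuring, so it
    decides which digest to report. running_image is never hashed."""
    return extend(PCR_RESET, claimed)


def policy_satisfied(pcr0: bytes, expected_pcr0: bytes) -> bool:
    """Stand-in for a PCR-bound policy (sealed key or attestation check)."""
    return hmac.compare_digest(pcr0, expected_pcr0)


if __name__ == "__main__":
    expected = honest_boot(ORIGINAL_FW)  # value the policy was bound to
    # Honest measurement of the modified image changes PCR 0.
    print("honest measurement passes:",
          policy_satisfied(honest_boot(MODIFIED_FW), expected))
    # Modified image reporting the original digest reproduces PCR 0.
    replayed = self_measuring_boot(MODIFIED_FW, digest(ORIGINAL_FW))
    print("self-measured replay passes:",
          policy_satisfied(replayed, expected))
```

The PCR value is only as trustworthy as the first code that measures, which is why that code has to sit outside the writable firmware region.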