PureOS didn’t even support UEFI, which in practice is a pre-requisite for using “Secure Boot”
Feel free to call it TrustedBoot if it makes it easier. Conceptually there’s exactly zero difference between laptop with UEFI firmware with vendor key baked in which is used to authenticate kernel via TPM measurement and another laptop with Heads firmware with vendor key baked which is used to authenticate kernel via TPM measurement. Unless there’s some intricate detail which I’ve missed - would be glad to learn otherwise.
If you re-build Heads with your own key and UEFI does not provide ability to replace vendor key - than there will be difference but it raises the question of how vendor-signed kernels from Purism will be authenticated if Heads has only your key?