what's the point of secure boot?
>prevents attacker from inserting/using unsigned code during boot
how do you get unsigned code inserted during boot?
> tamper with the uefi boot files
which requires either root access or physical access to boot drive... which implies
>someone has root access, or
>someone has physical access

in either way, you've already been fucked, right? especially if you're signing your own boot images and your key lives on your system, then the secure boot is compromised. not to mention you're already fucked with root access anyway.
a physical attacker can simply reset the CMOS and your UEFI password and change the keys.

tl;dr is there any reason to sign your own kernel for secure boot? i'm thinking no. just lock your shit up, right?