GRUB fails to load with shim and secure boot enabled

Not allowed to post links on here (maybe because I’m a new account?), so I’ll just copy my post from grub issue #60211, which describes exactly this problem, as it seems to be an issue with grub (or maybe there is something missing from the arch wiki post about using your own keys without shim).

Adding the tpm module to the core-image via --modules="tpm" on grub-install enabled me to get into grub without said error.

When selecting my signed kernel to boot I got an error stating “shim_lock protocol not found”.

After once again running grub-install, this time with both --modules="tpm" and --disable-shim-lock, I was able to successfully boot with Secure Boot enabled.

Still not really sure why tpm changes something in the first place and how to properly do it without shim.
