The TPM doesn't verify that you're booting a trusted OS as such. Each component of the boot process is hashed and that hash copied into the TPM, and the secret is encrypted in a blob that includes the expected hash values. If the hash values differ, the TPM will refuse to decrypt the secret. So booting a different signed OS won't give you the secret - even though you're a trusted OS, the TPM hashes will be different and the secret will remain encrypted.