Because the encryption key you need to sign the hash lives in EL3[0] and only Google and ARM can load code there. In order to lie about your hash, you have to break ARM TrustZone, and if you do that you can be sued under section 1201 for trafficking in copy protection circumvention tools. In other words, the law that prohibits you from selling DVD copiers can be used to give literally any bullshit the backing of law.
[0] An ARM exception level that sits above hypervisors and is specifically intended to support trusted execution modes for isolated mini-operating-systems that do this sort of shit
[0] An ARM exception level that sits above hypervisors and is specifically intended to support trusted execution modes for isolated mini-operating-systems that do this sort of shit