Automatic device detection is not supported in secure booting. Instead, While generating the boot stream, we need to set an attribute "0x80000002" BCODE to specify the configuration to use.
For example, please refer the below command for creating secure loader streams:
"<CCES installation path>\signtool.exe" sign -type BLp -attribute 0x80000002=<BCODE value> -attribute 0x80000003=<give 256 or 224 here based on the EDCSA type> -prikey <ecdsa keypair.der> -infile <input loader stream file to be signed> -outfile <output file path>