I don’t think so. NS_BL1U is designed to be implemented in mask programmed ROM within the SoC. On platforms where there is no BL1/NS_BL1U in ROM then there is not really much value in implementing NS-BL1U (or any other FWU features).
Being brutal I’d have to say attaching the TPM over USB is a mistake. I don’t much care whether or not it violates the global platform specification or not… it is more that getting the low level bootloaders to talk to it is going to be a huge amount of pointless work. It’s not that it can’t be done, but hooking it up using a simpler bus such as I2C will give you more time for the actual research.
Consider taking a look at secure96 instead (even if only as inspiration for hacking together your own hardware… it shouldn’t be hard):
Secure96 recently became available on Amazon in the US (although I’m told I have to wait little longer before they come out in Europe).
Finally regarding the networking it can be implemented in other places but personally I’d still be inclined to run the actual network stack from BL33 and use SMC to pass any crypto tokens we get from network to code running in secure mode to complete the custom authentication.