https://www.gnu.org/software/grub/manual/grub/html_node/Measured-Boot.html
> On Feb 20, 2021, at 3:21 AM, Jendrik Weise <[email protected]> wrote: > > Hello, > I would like to know what the current state of GRUB's TPM measurement > capabilities is compared to say TrustedGRUB. I would prefer not to use that > as its latest release is four years old by this point, and GRUB has since > added a section to the documentation concerned with the TPM. In particular > I am wondering what thr "Files" section mentioned in the docs includes, > does it include both modules and say initrd images and kernels read by > GRUB? The docs also mentioned core.img must be by measured by firmware. Is > this normally configured already? Finally, the major difference that I did > notice is that GRUB does not seem to have proper support for reading from > the TPM to acquire the needed key, only for writing its measurements. How > hard would it be to add *rudimentary *such support myself, perhaps based on > the TrustedGRUB implementation? > Rgds > Jendrik
