If you read the *end* of the Stallman link at https://www.gnu.org/philosophy/can-you-trust.html
it looks like the FSF has noticed that TPMs totally failed for DRM and remote attestation, and no longer objects to using them for things like locally verifying code integrity. Which means that I'd expect vanilla grub2 to now be willing to take measured boot patches. The 2013 email link would appear to be way out of date. -- jbash
signature.asc
Description: OpenPGP digital signature