If you read the *end* of the Stallman link at https://www.gnu.org/philosophy/can-you-trust.html
it looks like the FSF has noticed that TPMs totally failed for DRM and
remote attestation, and no longer objects to using them for things
like locally verifying code integrity.
Which means that I'd expect vanilla grub2 to now be willing to take
measured boot patches. The 2013 email link would appear to be
way out of date.
-- jbash
signature.asc
Description: OpenPGP digital signature
