indeed, this is why a proposal is to change the way grub measure things.
For example introducing a new PCR, for example PCR10, and a new command,
"extend", that replay a command into the PCR without actually executing it.
This would mean for your above example, if we only limit to the last line,
Another idea is to measure the initrd and the boot configuration, for
example taking a hash of the grub configuration and initrd and
extending a PCR register.
To make it work across upgrades, the grub configuration could be put
into a git repository. Each commit hash is computed using the TPM and
