Question regarding the state of TPM support

From: Jendrik Weise
Subject: Question regarding the state of TPM support
Date: Sat, 20 Feb 2021 12:21:26 +0100

I would like to know what the current state of GRUB's TPM measurement
capabilities is compared to say TrustedGRUB. I would prefer not to use that
as its latest release is four years old by this point, and GRUB has since
added a section to the documentation concerned with the TPM. In particular
I am wondering what the "Files" section mentioned in the docs includes,
does it include both modules and say initrd images and kernels read by
GRUB? The docs also mentioned core.img must be measured by firmware. Is
this normally configured already? Finally, the major difference that I did
notice is that GRUB does not seem to have proper support for reading from
the TPM to acquire the needed key, only for writing its measurements. How
hard would it be to add *rudimentary* such support myself, perhaps based on
the TrustedGRUB implementation?

