This from September, I only just noticed it. 😦
Matthew Garrett has updated GRUB bootloader with support for Trusted Boot, on TPM v1 or v2 systems!
In a follow-up to the above tweet, Matthew also states:
“I need to add equivalent code to Shim now lucky me”
So I need to check if that happened, and if Debian and other distros are using this version of GRUB and Shim…
I wish somebody — Wikipedia, the Linux Foundation, the Linux kernel security wiki, the UEFI Forum, etc. — were tracking the various hardware/firmware security features of various vendors, and what system components (grub and shim in this case) had support for the various technologies, with a table of red/green boxes. Then we could more easily see things like tboot only supporting BIOS and not UEFI, etc..