For GRUB 0.x, there is the Trusted GRUB, from TrouSerS and the GRUB Legacy project:
https://firmwaresecurity.com/2015/12/20/new-uefi-patched-grub-legacy/
http://trousers.sourceforge.net/grub.html
I may have missed it, but I don’t think the recent GRUB Legacy project has Trusted GRUB ‘s TPM support. I hope they pick it up, it would be nice to have a single GRUB Legacy with latest UEFI and TPM support. I wonder what other forks of GRUB 0.x are worth watching?
For GRUB2, I missed this activity from Matthew back in September, but it appears that he’s added TPM support to GRUB2:
http://mjg59.dreamwidth.org/37656.html
https://github.com/mjg59/grub
The above blog post mentions Sirrix AG’s TrustedGRUB, that it was based on.
I just noticed that the TrustedGRUB2 project from Sirrix AG has also been recently updated:
https://github.com/Sirrix-AG/TrustedGRUB2
https://github.com/Sirrix-AG/TrustedGRUB2/commits/master
Hmm, there’s some UEFI 2.5-centric checks in the Sirrix tree, too:
https://github.com/Sirrix-AG/TrustedGRUB2/commit/c79c59f1295df8ea660f8a858f9532d76a5f67b7
https://www.gnu.org/software/grub/
So it appears that both Matthew’s GRUB2 as well as Sirrix’s current TrustedGRUB2 are both of interest, probably others (how many others??). Why doesn’t upstream GRUB2 take all these patches, anyway? Is it an FSF issue with TPM/UEFI-centric code? I wish UEFI Form was a bit more proactive with GRUB[2], two of the most influential UEFI ‘pre-OS’ applications in use.
Firmware Security 