Comment by evanjrowley
3 months ago
Apple's approach to verified boot is pretty intense: https://support.apple.com/guide/security/boot-process-secac7...
Recently I learned about an interesting approach to this through a presentation at CCC about a small project known as sixos. Go to the part at 18m27s where ownerboot is presented: https://media.ccc.de/v/38c3-sixos-a-nix-os-without-systemd
Repository for ownerboot: https://codeberg.org/amjoseph/ownerboot
Android and ChromeOS also do secure, trusted, and verified boot.
There are open standards around this, and I believe it is Google that's for the most part shepherding those:
https://opentitan.org/
https://trustedcomputinggroup.org/
https://trustedfirmware.org/