Comment by ahepp
4 hours ago
Doing secure boot properly is kind of difficult. There are a bunch of TPM measurement registers for various bits and bobs (kernel, initramfs, cmdline, lots more). Using UKIs simplifies it a lot, but it’s not trivial to do right at the moment.
Secure Boot and TPM are separate things. The current Secure Boot policy gets measured by the TPM but that's about it.
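The distinction drawn in this comment, as an added example that is not part of the original thread: a replay of a constructed measurement log, showing that a secret bound only to the Secure Boot policy register does not notice a changed kernel command line. PCR 7 for Secure Boot policy follows the TCG PC Client convention; the other PCR indices, the event contents and `policy_digest` (a simplified stand-in for a real TPM2 PCR policy) are assumptions of this sketch.

```python
import hashlib

PCR_SECURE_BOOT = 7   # TCG PC Client convention: Secure Boot policy
PCR_KERNEL = 4        # assumption for this sketch; varies by boot chain
PCR_INITRD = 9        # assumption for this sketch
PCR_CMDLINE = 12      # assumption for this sketch

def extend(pcr: bytes, data: bytes) -> bytes:
    """TPM extend operation: new = SHA256(old || SHA256(data))."""
    return hashlib.sha256(pcr + hashlib.sha256(data).digest()).digest()

def replay(events):
    """Replay (pcr_index, data) events starting from a zeroed SHA-256 bank."""
    pcrs = {}
    for index, data in events:
        pcrs[index] = extend(pcrs.get(index, bytes(32)), data)
    return pcrs

def boot(cmdline: bytes):
    """Constructed event log for one boot; only the cmdline varies."""
    return replay([
        (PCR_SECURE_BOOT, b"SecureBoot=enabled"),
        (PCR_SECURE_BOOT, b"db: constructed certificate"),
        (PCR_KERNEL, b"constructed kernel image"),
        (PCR_INITRD, b"constructed initramfs"),
        (PCR_CMDLINE, cmdline),
    ])

def policy_digest(pcrs, selection):
    """Simplified PCR policy: hash over the selected PCR values, in order."""
    h = hashlib.sha256()
    for index in sorted(selection):
        h.update(pcrs[index])
    return h.hexdigest()

def policy_still_matches(selection):
    """True if a secret sealed to `selection` would still unseal after the change."""
    known_good = boot(b"root=/dev/sda2 ro quiet")
    changed = boot(b"root=/dev/sda2 rw")
    return policy_digest(known_good, selection) == policy_digest(changed, selection)

if __name__ == "__main__":
    for sel in ({7}, {4, 7, 9}, {4, 7, 9, 12}):
        print(sorted(sel), "unseals after cmdline change:", policy_still_matches(sel))
```
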