Another idea is to measure the initrd and the boot configuration, for
example taking a hash of the grub configuration and initrd and
extending a PCR register.
To make it work across upgrades, the grub configuration could be put
into a git repository. Each commit hash is computed using the TPM and
indeed, this is why a proposal is to change the way grub measure things.
For example introducing a new PCR, for example PCR10, and a new command,
"extend", that replay a command into the PCR without actually executing it.
This would mean for your above example, if we only limit to the last line,
