Hello,
I was wondering if anyone has experimented with using GRUB directly as a coreboot payload instead of SeaBIOS or HEADS. GRUB is currently used as a coreboot payload in the libreboot distribution of coreboot. The advantages are a faster boot time and the ability to also encrypt the /boot partition, leaving the internal disk fully encrypted. Although it does not provide tamper-proofing (as of now) of the coreboot integrity, it does protect the integrity of the boot partition if the LUKS2 volume was created with integrity support (or if we consider it hard enough to tamper with LUKS encrypted data in a malicious, non-disrupting way).
I am working on achieving this manually and eventually publishing a guide (an insight into the process needed to have an encrypted /boot partition of a Qubes installation can be viewed here: g/thinkpad-coreboot-qubes: Repository containing instructions and configuration files to run Qubes OS on X220 with coreboot. - Gogs).
I am wondering if there could be enough interest to support this more officially, maybe directly in the coreboot_util.sh script.