Hi everyone
There is an official implementation, however it’s quite old. Therefore it only supports TPM 1.2 with legacy boot mode on CPU’s that support Intel TXT. Also, the documentation seems outdated. The last content change (excluding styling and replacing links) was done in 2019.
There are unofficial implementations, mainly Qubes AEM with TrenchBoot. Of course this isn’t an official implementation and it may be dangerous to install it. However, it currently supports TPM 2.0 on Intel Platforms with legacy boot, with the next phase (Phase 4) being about AMD integration. Phase 5 is about UEFI support, IIRC.
Qubes also spoke interest of it, through this news article. Out of date. Current update (3mdeb). There is an 2 year old issue to integrate it, but there is still no progress. To be clear, I’m fine with that. I rather have the resources allocated on making progress, than official integration with Qubes. I just think that one should (easily) find this on the forum or in the docs. It should definitely have a disclaimer that it’s not officially supported by Qubes though.
To summarize:
I think that the awareness of other AEM solutions should be raised. While these are unofficial, and can pose a risk, the official implementation is very limited. Also to consider is that Qubes and 3mdeb are kind of collaborating, although i can’t provide the sources right now.
What are your opinions? Do you think one should use it?