There are several ways to support Secure Boot; one path would be to switch to GRUB2 for the PBA bootloader but that potentially opens up additional "hard to explain/perceived" attack surface and would increase the size/complexity of the PBA image.
What's the best way to support Secure Boot with minimal changes? (See DTA #181 and DTA #301 for previous discussion.) A signed PBA image which could have appropriate keys/certs/trust anchors added to a v2.0 TPM seems the least painful - see DTA #259 for details on that approach.
There are several ways to support Secure Boot; one path would be to switch to GRUB2 for the PBA bootloader but that potentially opens up additional "hard to explain/perceived" attack surface and would increase the size/complexity of the PBA image.
What's the best way to support Secure Boot with minimal changes? (See DTA #181 and DTA #301 for previous discussion.) A signed PBA image which could have appropriate keys/certs/trust anchors added to a v2.0 TPM seems the least painful - see DTA #259 for details on that approach.