The New Linux Trusted Boot (NLTB) is a new boot implementation from the systemd team which significantly improves secure and measured boot on PC platforms. Below are some links to understand what it is, how to install it, and some packages to further extend its use of the TPM.
Links:
Poettering’s Original Blog Page:
https://0pointer.net/blog/brave-new-trusted-boot-world.html
How to install it:
Installing NLTB on Rawhide (development for Fedora 41)
Installing NLTB on openSUSE Leap 16 RC
CEL event log verification tools for NLTB
https://github.com/safforddr/cel_util
example verification summary for Fedora 39 with NLTB:
example verification summary for Fedora 40 with NLTB
example verification summary for Rawhide development for Fedora 41)
Provisioning/backup/recovery tools for NLTB
https://github.com/safforddr/tpm_keys
TPM based password hashing for NLTB