Given how UEFI secure boot appears later than TPM, i had assumption that it provides advantages over TPM.
As i read into each, it appears to me that the TPM measurements to each stage would provide about the same level of integrity guarantee as how each secure boot stage verifies the next stage’s signature.
I get how the UEFI secure boot’s key/certificate structure may have management advantages over TPM. However, i have trouble finding security advantages against attackers. Can someone enlightens me if those statements would be valid? Thanks!