Bootloaders
notes
- microcode update loading is usually built into the initramfs
uefi
- efibootmgr for creating entries for stub kernels
secureboot
- some vendors require micro$haft cert signed bootloader shims
- remote attestation with TPM next
libreboot
- coreboot with blobs removed for foss bios/uefi firmaware