What are the security guarantee differences between tboot and UEFI's Secure Boot (used with TPM)?
I don't really see the difference:
tboot uses TXT to create an MLE to load a kernel (or a hypervisor). It uses a DRTM to bind the integrity of the boot to the HW.
UEFI's Secure Boot used with a TPM uses a signed chain to the kernel that is loaded. Each executable can be measured and verified via the TPM, and so we bind the integrity or the root of trust of the boot to the HW.
Thanks for your help.
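As an added illustration (not part of the question above), here is a small Python model of the two measurement chains the question contrasts: a static chain that extends every stage from the platform firmware onward into one running PCR value, and a dynamic chain whose PCRs are reset to zero at GETSEC[SENTER] before the ACM and MLE are measured. All stage names and contents are constructed placeholders, and the PCR layout is simplified (no PCR0-7 split).

```python
import hashlib

ZERO = bytes(32)  # a reset SHA-256 PCR is all zeros


def extend(pcr: bytes, measurement: bytes) -> bytes:
    """TPM-style extend: new_pcr = SHA-256(old_pcr || SHA-256(measurement))."""
    return hashlib.sha256(pcr + hashlib.sha256(measurement).digest()).digest()


def srtm_chain(stages):
    """Static root of trust: the chain begins at firmware (the CRTM) and every
    later stage is folded into the same running value, so a change in any
    early stage changes everything measured after it."""
    pcr = ZERO
    for stage in stages:
        pcr = extend(pcr, stage)
    return pcr


def drtm_chain(sinit_acm: bytes, mle: bytes):
    """Dynamic root of trust: GETSEC[SENTER] resets the dynamic PCRs, then the
    SINIT ACM and the MLE are measured into them. Firmware and bootloader
    stages that ran before SENTER are not part of this chain."""
    pcr17 = extend(ZERO, sinit_acm)
    pcr18 = extend(ZERO, mle)
    return pcr17, pcr18


# Constructed sample "images"; real ones are binary blobs, not strings.
FIRMWARE = b"platform firmware v1"
SHIM = b"shim.efi"
KERNEL = b"vmlinuz"
ACM = b"SINIT ACM"
MLE = b"tboot MLE + kernel"


def compare(firmware_variant: bytes):
    """Return (static_pcr, dynamic_pcrs) for a boot in which only the firmware
    image differs; the two chains react differently to that change."""
    return srtm_chain([firmware_variant, SHIM, KERNEL]), drtm_chain(ACM, MLE)


if __name__ == "__main__":
    good = compare(FIRMWARE)
    tampered = compare(b"platform firmware v1 (modified)")
    print("static chain changed: ", good[0] != tampered[0])   # True
    print("dynamic chain changed:", good[1] != tampered[1])   # False
```

The dynamic PCRs stay the same because the DRTM chain is rooted at SENTER rather than at the firmware; whether that is acceptable for a given deployment is exactly the trade-off the question is asking about.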