At the time of writing, verified boot with reasonable security and usability using user-custom keys for Open Source Linux desktop distributions comparable to some Android hardware is unavailable due to a lack of hardware/firmware support (at least on the Intel/AMD64 platform).
The gigantic verified boot wiki page has grown as large as it has because @arraybolt3 and I have been trying to wrap our heads around how verified boot with reasonable security, usability, and user-custom keys for Open Source (Linux) distributions, comparable to some Android hardware, could be implemented.
Sponsor PUP (related: Transparency) will pay an OEM with firmware development skills to revise that wiki page with the goal of drafting a concept on how this could be implemented and identifying areas that might require further research.
If we are lucky, and if financially feasible, this might result in the development of hardware/firmware that allows for full verified boot to be implemented and actually realized.
