For the literally dozens of people who care about the intersection of TPM remote attestation, kexec, Windows, and BitLocker: LinuxBoot can receive the BitLocker key from the remote attestation server, which is passed to the kexec'ed Windows boot loader via a UEFI ramdisk, so there is no clear-text on the disk, not even an EFI System Partition.
kexec_load() takes a memory map of segments and doesn't care about the actual file format (although the kexec tool does, since it has to build that map). In this case I'm actually kexec'ing a special build of edk2 called UefiPayloadPkg that then loads the Windows boot loader from a ramdisk rather than the real disk.
@th So that's linuxboot->kexec->UefiPayloadPkg->Windows boot loader? 'fun'
If you're running BitLocker in Windows, are any of those components actually updating the TPM?