Another idea is to measure the initrd and the boot configuration, for
example taking a hash of the grub configuration and initrd and
extending a PCR register.
To make it work across upgrades, the grub configuration could be put
into a git repository. Each commit hash is computed using the TPM and
changes are appended to the repository.
During boot, grub would extend the PCR, one time per commit, with the
commit content. Grub would then execute the git working tree.
This makes it possible, after a grub config change, kernel upgrade,
dracut change etc., to precalculate the PCR values (as suggested on
https://github.com/latchset/clevis/issues/366) that can then be used to
bind LUKS passphrases.
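As an added illustration (not part of the original post or of clevis), this replays the per-commit extend sequence described above in Python so the final PCR value can be precalculated before the next boot; it assumes the SHA-256 PCR bank and the standard TPM 2.0 extend rule, and the commit contents are constructed stand-ins:

```python
import hashlib

# A SHA-256 bank PCR starts out as 32 zero bytes at reset.
PCR_INIT = b"\x00" * 32


def pcr_extend(pcr: bytes, event: bytes) -> bytes:
    """TPM 2.0 extend for the SHA-256 bank: new = H(old || H(event))."""
    digest = hashlib.sha256(event).digest()
    return hashlib.sha256(pcr + digest).digest()


def precalc_pcr(commits: list[bytes], pcr: bytes = PCR_INIT) -> bytes:
    """Replay one extend per commit, in repository order, starting from `pcr`.

    The result is the value grub would leave in the PCR after walking the
    same commit list, so it can be fed to a clevis/LUKS policy ahead of time.
    """
    for content in commits:
        pcr = pcr_extend(pcr, content)
    return pcr


def boot_matches(measured: bytes, commits: list[bytes]) -> bool:
    """True only if the value read back from the TPM equals the precalculated one."""
    return measured == precalc_pcr(commits)


# Constructed example commit contents for the grub-config repository:
# first commit is the original config, second is a kernel upgrade.
COMMITS = [
    b"set default=0\nlinux /vmlinuz-6.1 root=/dev/mapper/root\ninitrd /initrd-6.1.img\n",
    b"set default=0\nlinux /vmlinuz-6.2 root=/dev/mapper/root\ninitrd /initrd-6.2.img\n",
]

if __name__ == "__main__":
    before = precalc_pcr(COMMITS[:1])   # value bound before the upgrade
    after = precalc_pcr(COMMITS)        # value to rebind to after the upgrade
    print("PCR before upgrade:", before.hex())
    print("PCR after upgrade: ", after.hex())
```

Because each extend hashes the previous value in, the same commits in a different order, or any edited commit, give a different final PCR, which is why the policy has to be recomputed after every change.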