Measured boot on QEMU
Protected UEFI variables with U-Boot
Firmware device updates with brick/rollback protection