i mean this: https://safeboot.dev/
I seems some of the crritique does not apply (use of your own keys instead of ditro keys, etc)
there are issues open: Secure boot support · Issue #4371 · QubesOS/qubes-issues · GitHub and Xen / Qubes support · Issue #21 · osresearch/safeboot · GitHub
Some of the xen lack os support is, apparently, being addressed.
Of course, Qubes team has a lot on their hands, and this requires some work, so, let’s be patient.
Of course, if storage domain were outside dom0, this would be simpler, but again, some work…
I would like this, because I do not like anti-evil maid has to expose dom0 to USB - thats the way it is wright now. I find USB atacks creepy
Right now, the real solution to this is HEADS bios, that works for R4.0
Besides, legacy boot is, apparently, phasing out. UEFI is on the rise and has no advantages (security-wise). If safe boot was possible, I woul switch to UEFI on non-HEADS machines.