Just an assumption here, but the project appears to be about the methodology to verify the install. Who holds the keys is an entirely different matter.

https://0pointer.net/blog/authenticated-boot-and-disk-encryp...

You. The money quote about the current state of Linux security:

> In fact, right now, your data is probably more secure if stored on current ChromeOS, Android, Windows or MacOS devices, than it is on typical Linux distributions.

Say what you want about systemd the project but they're the only ones moving foundational Linux security forward, no one else even has the ambition to try. The hardening tools they've brought to Linux are so far ahead of everything else it's not even funny.