Have a look at Heads. It uses a TPM with a hardware key to verify the boot integrity, without proprietary blobs and with full control for the user. Works for me.