coreboot
The open source coreboot firmware project implements verified boot, which is similar to a combination of OBB verification and UEFI Secure Boot.
Figure 3-2 shows the verified boot flow. Table 3-2 shows keys used in the verified boot flow.

Figure 3-2: coreboot Verified Boot (source: “Verified Boot in Chrome OS and how to make it work for you”)

Table 3-2: Keys used by coreboot verified boot (source: “Verified Boot: Surviving in the Internet of Insecure Things”)
Key
Verifies
Stored in
Versioned
Notes
Root Key
Firmware Data Key
RO Firmware
NO
Private key in a locked room guarded by laser sharks; N of M present. RSA4096+
Firmware Data Key
RW Firmware
RW FW Header
YES
Private key on signing server. RSA4096.
Kernel Subkey
Kernel Data Key
RW Firmware
YES (as FW)
Private key only needed to sign new kernel data key. RSA4096.
Kernel Data Key
OS Kernel
OS kernel Header
YES
Private key on signing server. RSA2048.
Recovery Key
Recovery OS Kernel
RO Firmware
NO
Locked room and laser sharks. RSA4096+. Different than all keys above. Signs recovery installer, not payload.
Table 3-3: coreboot Verified Boot (for firmware)
Item
Entity
Provider
Location
TP
Read/Write Firmware Verification
OEM
Flash (Read Only Region)
CDI
Read-Only Firmware
OEM
Flash (Read Only Region)
Root key
OEM
RO firmware, Google Binary Blob (GBB)
UDI
Read/Write Firmware
OEM
Flash (Read Write Region)
Table 3-4: coreboot Verified Boot (for OS)
Item
Entity
Provider
Location
TP
OS Kernel Verification
OEM
Flash (Read Write Region)
CDI
Read-Write Firmware
OEM
Flash (Read Write Region)
Kernel Subkey
OSV
R/W firmware, Google Binary Blob (GBB)
UDI
OS Kernel
OSV
External storage
Last modified 1yr ago