Description of problem:

Currently it's not possible to select a TBOOT entry by default, this has to be done manually.
The reason for this is TBOOT's /etc/grub.d/20_linux_tboot script creates a "submenu", which prevents considering "saved_entry" Grub variable.

I think TBOOT should rely on the setting of GRUB_DISABLE_SUBMENU to decide whether to create a sub-menu or not.
On RHEL, by default we have GRUB_DISABLE_SUBMENU=true in /etc/default/grub so we don't expect sub-menus.
Once this is implemented, the admin can then select the TBOOT kernel through using grub2-editenv, e.g.:
~~~
LATEST_TBOOT_ENTRY="$(grep -w ^menuentry /boot/grub2/grub.cfg | grep -m 1 "with tboot" | sed -e "s/menuentry '(.)' --class ./\1/")"
/usr/bin/grub2-editenv - set saved_entry="$LATEST_TBOOT_ENTRY"
~~~

which will always select the highest kernel TBOOT entry.

Version-Release number of selected component (if applicable):

tboot-1.10.2-6.el9.x86_64

How reproducible:

Always

Steps to Reproduce:
1. Select the default entry through editing grubenv file:

LATEST_TBOOT_ENTRY="$(grep -w ^menuentry /boot/grub2/grub.cfg | grep -m 1 "with tboot" | sed -e "s/menuentry '(.)' --class ./\1/")"
/usr/bin/grub2-editenv - set saved_entry="$LATEST_TBOOT_ENTRY"

2. Reboot

Actual results:

First kernel (non-TBOOT) selected because of the sub-menu.

Expected results:

TBOOT kernel selected

Additional info:

More generally, it would be nice if TBOOT could be implemented as a BLS snippet, which would ease all this handling. See also #2107618.