Description of problem:

This is somehow a continuation of BZ #2107621 and related to RFE #2107618.
Upon updating/reinstalling a kernel, the Grub install script /lib/kernel/install.d/20-grub.install usually overwrites the "saved_entry" setting, which leads to booting the newly installed kernel without TBOOT.

Probably the admin would expect to boot the newly installed kernel with TBOOT if it was booted with TBOOT just before.

But it seems there is no way to detect if we were under TBOOT or not.
One way to do this is to rely on "saved_entry" before the kernel update/reinstallation occurred.
This however assumes that "saved_entry" can be trusted, hence "save_default=true" is also present in grubenv (this is controlled by GRUB_SAVEDEFAULT=true in /etc/default/grub which is NOT the default).

Assuming it's the case, and because TBOOT and BLS are for now incompatible (see RFE #2107618), in order to boot with newly installed kernel, we would need 2 install scripts:

1. One executing before /lib/kernel/install.d/20-grub.install, responsible to save the "saved_entry" state (which is the one before updating the kernel)

If "saved_entry" is not a TBOOT entry, nothing has to be done.

2. One executing after /lib/kernel/install.d/20-grub.install, responsible to do the fixing to boot the newly installed kernel under TBOOT, assuming the "saved_entry" before 20-grub.install executed was a TBOOT entry (step 1).

Version-Release number of selected component (if applicable):

tboot-1.10.2-6.el9.x86_64

How reproducible:

Always

Steps to Reproduce:
1. Boot a kernel with TBoot
2. Update the kernel (or install another kernel)
3. Reboot

Actual results:

Newly installed kernel without TBOOT is executed

Expected results:

Newly installed kernel with TBOOT is executed