Thoughts on Nitro Hardware? (NitroPC, NitroPad, NitroTablet)

  • The firmware measures itself and sends the measurements to some PCRs in the TPM.
    If the measurements match, the TPM unseals the secret.
  • The firmware does GPG verification of the files down the chain.
  • None of the existing laptops with Heads (all those Librems and ancient Thinkpads) have functioning Boot Guard, so there is nothing stopping the system from booting with malicious firmware flashed by an attacker. The firmware can then just lie about the measurements, and everything down the chain is basically theatre.
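As an added illustration (not code from any poster in this thread or from the Heads project), here is a small Python model of the measured-boot flow the bullets describe: a SHA-256 PCR that the firmware extends, a secret sealed to the expected PCR value, and three boots. The `ToyTpm` class, the `policy_digest` stand-in for a TPM2 PolicyPCR digest, and the stage strings are all constructed for the example. The third boot is the point of the last bullet: with no hardware root measuring the firmware image, a modified firmware simply extends the PCR with the known-good value and the secret is released anyway.

```python
"""Toy model of Heads-style measured boot and the lying-firmware problem.
Constructed simulation: not a real TPM, not real firmware images."""
import hashlib

PCR_INIT = bytes(32)  # a SHA-256 PCR bank starts at all zeros


def pcr_extend(pcr: bytes, data: bytes) -> bytes:
    """TPM 2.0 extend: PCR_new = SHA256(PCR_old || SHA256(data))."""
    return hashlib.sha256(pcr + hashlib.sha256(data).digest()).digest()


def policy_digest(pcr0: bytes) -> bytes:
    """Stand-in for the TPM2_PolicyPCR digest a sealed object is bound to.
    (The real digest also covers the PCR selection; this is a simplification.)"""
    return hashlib.sha256(b"PolicyPCR" + pcr0).digest()


class ToyTpm:
    """Minimal sealing model: the 'TPM' keeps the secret next to an auth
    policy and only releases it when the live PCR reproduces that policy."""

    def __init__(self):
        self.pcr0 = PCR_INIT
        self._sealed = {}  # handle -> (auth_policy, secret)

    def reset(self):
        self.pcr0 = PCR_INIT  # PCRs reset on every power-on

    def extend(self, data: bytes):
        self.pcr0 = pcr_extend(self.pcr0, data)

    def seal(self, handle: str, secret: bytes, expected_pcr0: bytes):
        self._sealed[handle] = (policy_digest(expected_pcr0), secret)

    def unseal(self, handle: str):
        auth_policy, secret = self._sealed[handle]
        if policy_digest(self.pcr0) != auth_policy:
            return None  # a real TPM returns TPM_RC_POLICY_FAIL here
        return secret


# Constructed sample boot chain (arbitrary bytes standing in for images)
GOOD_FIRMWARE = b"coreboot+heads, known-good build"
EVIL_FIRMWARE = b"coreboot+heads, with implant"
KERNEL = b"vmlinuz, gpg-signed"


def expected_pcr0() -> bytes:
    """PCR0 value the owner sealed against: good firmware, then the kernel."""
    pcr = PCR_INIT
    for stage in (GOOD_FIRMWARE, KERNEL):
        pcr = pcr_extend(pcr, stage)
    return pcr


def new_sealed_tpm() -> ToyTpm:
    tpm = ToyTpm()
    tpm.seal("disk-key", b"LUKS-key-material", expected_pcr0())
    return tpm


def boot(tpm: ToyTpm, actual_firmware: bytes, boot_guard: bool, claimed=None):
    """One power-on. With boot_guard=True the hardware (Boot Guard's ACM)
    measures the real firmware image into PCR0 before it runs, so the
    firmware cannot choose its own measurement. Without it, the running
    firmware is the only thing measuring the firmware, so it extends PCR0
    with whatever it claims (the attack described in the thread)."""
    tpm.reset()
    measurement = actual_firmware if boot_guard else (claimed or actual_firmware)
    tpm.extend(measurement)
    tpm.extend(KERNEL)  # later stages are measured as they are loaded
    return tpm.unseal("disk-key")


def scenario_honest():
    """Untampered firmware: PCR0 matches, secret released."""
    return boot(new_sealed_tpm(), GOOD_FIRMWARE, boot_guard=True)


def scenario_tampered_with_boot_guard():
    """Implanted firmware, hardware measures it: PCR0 differs, unseal fails."""
    return boot(new_sealed_tpm(), EVIL_FIRMWARE, boot_guard=True)


def scenario_tampered_without_boot_guard():
    """Implanted firmware, no hardware root: it reports the good hash and
    the TPM happily releases the key. The measurement is theatre."""
    return boot(new_sealed_tpm(), EVIL_FIRMWARE, boot_guard=False,
                claimed=GOOD_FIRMWARE)


if __name__ == "__main__":
    print("honest boot:             ", scenario_honest())
    print("tampered, Boot Guard:    ", scenario_tampered_with_boot_guard())
    print("tampered, no Boot Guard: ", scenario_tampered_without_boot_guard())
```

The model only binds the secret to PCR0; real Heads also measures later stages into other PCRs and verifies them with GPG, but every one of those checks is performed by the firmware itself, so a firmware that lies in step one can skip or fake all of them.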

In theory, Heads can be less bad if BootGuard measures at least PCR 0 and the TPM uses that to unlock the encryption key. In practice, none of the laptops running Heads have BootGuard at all.

Those would be pretty old then, 9th gen maybe. If buying a laptop, you would want the E/P core thing, which was 12th gen.