diff --git a/build_library/grub_install.sh b/build_library/grub_install.sh
index 71600591402..db83d614a1a 100755
--- a/build_library/grub_install.sh
+++ b/build_library/grub_install.sh
@@ -60,7 +60,7 @@ case "${FLAGS_target}" in
         CORE_NAME="core.img"
         ;;
     x86_64-efi)
-        CORE_MODULES+=( serial linux efi_gop efinet pgp http tftp )
+        CORE_MODULES+=( serial linux efi_gop efinet pgp http tftp tpm )
         CORE_NAME="core.efi"
         SBAT_ARG=( --sbat "${BOARD_ROOT}/usr/share/grub/sbat.csv" )
         ;;
@@ -68,7 +68,7 @@ case "${FLAGS_target}" in
         CORE_NAME="core.elf"
         ;;
     arm64-efi)
-        CORE_MODULES+=( serial linux efi_gop efinet pgp http tftp )
+        CORE_MODULES+=( serial linux efi_gop efinet pgp http tftp tpm )
         CORE_NAME="core.efi"
         BOARD_GRUB=1
         SBAT_ARG=( --sbat "${BOARD_ROOT}/usr/share/grub/sbat.csv" )
diff --git a/changelog/changes/2024-04-09-grub-tpm.md b/changelog/changes/2024-04-09-grub-tpm.md
new file mode 100644
index 00000000000..8d60073fa4a
--- /dev/null
+++ b/changelog/changes/2024-04-09-grub-tpm.md
@@ -0,0 +1 @@
+- Enabled the GRUB TPM2 module to measure the boot code path and files into PCR 8+9 in UEFI ([scripts#1861](https://github.com/flatcar/scripts/pull/1861))