If your firmware does not vary PCR7 based on the key used, then it is a very concerning issue.

On my setup, I’ve tested with my signed kernel image as well as PreLoader (Microsoft-signed) and the PCR values were different. I could be wrong, but I believe PreLoader doesn’t touch the TPM at all so the different PCR7 values must have been from the system firmware.

If you would, can you try booting with PreLoader and see if the PCR values are different or not? If it’s different with PreLoader and not different with shim, then it might also be the same on my system and I’d need to investigate more. (In that case, please share the shim!) But if it’s also not different with PreLoader, then our firmwares are behaving differently.

In any case, if you can boot a custom binary with the PCR 7 value intact, then it’s game over. Even with the complex mechanism you’ve devised, any serious attacker would be able to find out the values you’re trying to extend into the PCR (since your shim is not encrypted) and then make a custom binary (which he will boot through shim) to extend those values into the PCR.