DTS fix UEFI SB build #179

Merged
merged 1 commit into from
Oct 2, 2024

m-iwanicki
Contributor

@m-iwanicki m-iwanicki commented Oct 1, 2024

Before changes:

`ERROR: Layer networking-layer is not compatible with the core layer which only supports these series: scarthgap (layer is compatible with kirkstone)`

Using the same refspec as common.yml:

   meta-openembedded:
-    url: https://git.openembedded.org/meta-openembedded
-    refspec: 0b78362654262145415df8211052442823b9ec9b
     layers:
-      meta-oe:
-      meta-networking:
-      meta-python:
       meta-perl:
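Review bot: with `url:` and `refspec:` removed, the `meta-openembedded:` entry in this file only adds `meta-perl:` and depends on common.yml for the repository and its pinned commit. A short comment above the entry naming common.yml as the source of the pin would help, since this file can no longer be read on its own to see which meta-openembedded revision a Secure Boot build uses.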

Results in:

`ERROR: Layer secure-core is not compatible with the core layer which only supports these series: scarthgap (layer is compatible with kirkstone honister langdale)`

After updating meta-secure-core:

   meta-secure-core:
     url: https://github.com/Wind-River/meta-secure-core
-    refspec: fa438247c3e61d7f746687d85ef3b0dd66dc6b3f
+    refspec: 0aa7452355abc39b700f8787eab1b655f6099407
     layers:
       meta-efi-secure-boot:
-      meta:
+      meta-secure-core-common:
       meta-signing-key:
       meta-tpm2:
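Review bot: `meta-tpm2:` stays enabled after the refspec bump, and the error that follows shows it carries `tpm2-tss-engine_1.2.0.bb` alongside the 1.1.0 recipe from meta-security/meta-tpm, so two layers provide the same PN. If this image does not need meta-secure-core's TPM recipes, dropping `meta-tpm2:` here (or masking one of the two recipes with BBMASK) removes the conflict at its source instead of relying on a version pin. The new `refspec` line would also benefit from a comment naming the branch the commit was taken from.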
`ERROR: Multiple versions of tpm2-tss-engine are due to be built (/work/meta-security/meta-tpm/recipes-tpm2/tpm2-tss-engine/tpm2-tss-engine_1.1.0.bb /work/meta-secure-core/meta-tpm2/recipes-tpm/tpm2-tss-engine/tpm2-tss-engine_1.2.0.bb). Only one version of a given PN should be built in any given build. You likely need to set PREFERRED_VERSION_tpm2-tss-engine to select the correct version or don't depend on multiple versions.`

After adding preferred version:

--- a/meta-dts-distro/conf/distro/dts-sb-distro.conf
+++ b/meta-dts-distro/conf/distro/dts-sb-distro.conf
@@ -39,3 +39,5 @@ MACHINE_FEATURES:append = " efi"

 DEBUG_FLAGS:forcevariable = ""
 IMAGE_INSTALL:append = " kernel-image-bzimage"
+
+PREFERRED_VERSION_tpm2-tss-engine = "1.2.0"
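Review bot: the added `PREFERRED_VERSION_tpm2-tss-engine` line pins "1.2.0", but the warnings right after it report that only 1.1.0 is available for `tpm2-tss-engine-engines`, and the description says the build succeeds with 1.1.0, so the committed value should be "1.1.0". A one-line comment above the pin noting that meta-security and meta-secure-core both carry this recipe would explain why it exists.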
`WARNING: preferred version 1.2.0 of tpm2-tss-engine not available (for item tpm2-tss-engine-engines)`
`WARNING: versions of tpm2-tss-engine available: 1.1.0`

And ends with the same error as earlier.
With version 1.1.0 used:

NOTE: Tasks Summary: Attempted 9031 tasks of which 12 didn't need to be rerun and all succeeded.

Summary: There were 109 WARNING messages.

That's a lot of warnings

@m-iwanicki
Contributor Author

List of warnings:

WARNING: You are using a local hash equivalence server but have configured an sstate mirror. This will likely mean no sstate will match from the mirror. You may wish to disable the hash equivalence use (BB_HASHSERVE), or use a hash equivalence server alongside the sstate mirror.
WARNING: ncurses-native-6.4-r0 do_fetch: Failed to fetch URL git://github.com/mirror/ncurses.git;protocol=https;branch=master, attempting MIRRORS if available
WARNING: gettext-minimal-native-0.22.5-r0 do_fetch: Failed to fetch URL https://ftp.gnu.org/gnu/gettext/gettext-0.22.5.tar.gz, attempting MIRRORS if available
WARNING: autoconf-native-2.72e-r0 do_fetch: Failed to fetch URL https://alpha.gnu.org/gnu/autoconf/autoconf-2.72e.tar.gz, attempting MIRRORS if available
WARNING: libmpc-native-1.3.1-r0 do_fetch: Failed to fetch URL https://ftp.gnu.org/gnu/mpc/mpc-1.3.1.tar.gz, attempting MIRRORS if available
WARNING: gcc-source-13.2.0-13.2.0-r0 do_fetch: Failed to fetch URL https://ftp.gnu.org/gnu/gcc/gcc-13.2.0/gcc-13.2.0.tar.xz, attempting MIRRORS if available
WARNING: autoconf-archive-native-2023.02.20-r0 do_fetch: Failed to fetch URL https://ftp.gnu.org/gnu/autoconf-archive/autoconf-archive-2023.02.20.tar.xz, attempting MIRRORS if available
WARNING: make-native-4.4.1-r0 do_fetch: Failed to fetch URL https://ftp.gnu.org/gnu/make/make-4.4.1.tar.gz, attempting MIRRORS if available
WARNING: acl-native-2.3.2-r0 do_fetch: Failed to fetch URL https://download.savannah.gnu.org/releases/acl/acl-2.3.2.tar.gz, attempting MIRRORS if available
WARNING: libpng-1.6.42-r0 do_fetch: Failed to fetch URL https://downloads.sourceforge.net/project/libpng/libpng16/libpng-1.6.42.tar.xz, attempting MIRRORS if available
WARNING: libunistring-native-1.2-r0 do_fetch: Failed to fetch URL https://ftp.gnu.org/gnu/libunistring/libunistring-1.2.tar.gz, attempting MIRRORS if available
WARNING: libtasn1-native-4.19.0-r0 do_fetch: Failed to fetch URL https://ftp.gnu.org/gnu/libtasn1/libtasn1-4.19.0.tar.gz, attempting MIRRORS if available
WARNING: nettle-native-3.9.1-r0 do_fetch: Failed to fetch URL https://ftp.gnu.org/gnu/nettle/nettle-3.9.1.tar.gz, attempting MIRRORS if available
WARNING: libidn2-native-2.3.7-r0 do_fetch: Failed to fetch URL https://ftp.gnu.org/gnu/libidn/libidn2-2.3.7.tar.gz, attempting MIRRORS if available
WARNING: libmicrohttpd-native-1.0.1-r0 do_fetch: Failed to fetch URL https://ftp.gnu.org/gnu/libmicrohttpd/libmicrohttpd-1.0.1.tar.gz, attempting MIRRORS if available
WARNING: lzlib-native-1.14-r0 do_fetch: Failed to fetch URL https://download.savannah.gnu.org/releases/lzip/lzlib/lzlib-1.14.tar.gz, attempting MIRRORS if available
WARNING: readline-native-8.2-r0 do_fetch: Failed to fetch URL https://ftp.gnu.org/gnu/readline/readline-8.2.tar.gz;name=archive, attempting MIRRORS if available
WARNING: bash-5.2.21-r0 do_fetch: Failed to fetch URL https://ftp.gnu.org/gnu/bash/bash-5.2.21.tar.gz;name=tarball, attempting MIRRORS if available
WARNING: coreutils-9.4-r0 do_fetch: Failed to fetch URL https://ftp.gnu.org/gnu/coreutils/coreutils-9.4.tar.xz, attempting MIRRORS if available
WARNING: gawk-5.3.0-r0 do_fetch: Failed to fetch URL https://ftp.gnu.org/gnu/gawk/gawk-5.3.0.tar.gz, attempting MIRRORS if available
WARNING: tar-1.35-r0 do_fetch: Failed to fetch URL https://ftp.gnu.org/gnu/tar/tar-1.35.tar.bz2, attempting MIRRORS if available
WARNING: grep-3.11-r0 do_fetch: Failed to fetch URL https://ftp.gnu.org/gnu/grep/grep-3.11.tar.xz, attempting MIRRORS if available
WARNING: freetype-2.13.2-r0 do_fetch: Failed to fetch URL https://download.savannah.nongnu.org/releases/freetype/freetype-2.13.2.tar.xz, attempting MIRRORS if available
WARNING: gnu-config-native-20240101+git-r0 do_fetch: Failed to fetch URL git://git.savannah.gnu.org/git/config.git;protocol=https;branch=master, attempting MIRRORS if available
WARNING: groff-native-1.23.0-r0 do_fetch: Failed to fetch URL https://ftp.gnu.org/gnu/groff/groff-1.23.0.tar.gz, attempting MIRRORS if available
WARNING: cpio-native-2.15-r0 do_fetch: Failed to fetch URL https://ftp.gnu.org/gnu/cpio/cpio-2.15.tar.gz, attempting MIRRORS if available
WARNING: grub-native-2.12-r0 do_fetch: Failed to fetch URL https://ftp.gnu.org/gnu/grub/grub-2.12.tar.gz, attempting MIRRORS if available
WARNING: lzip-native-1.24-r0 do_fetch: Failed to fetch URL https://download.savannah.gnu.org/releases/lzip/lzip-1.24.tar.gz, attempting MIRRORS if available
WARNING: mtools-4.0.43-r0 do_fetch: Failed to fetch URL https://ftp.gnu.org/gnu/mtools/mtools-4.0.43.tar.bz2, attempting MIRRORS if available
WARNING: parted-3.6-r0 do_fetch: Failed to fetch URL https://ftp.gnu.org/gnu/parted/parted-3.6.tar.xz, attempting MIRRORS if available
WARNING: dmidecode-3.5-r0 do_fetch: Failed to fetch URL https://download.savannah.nongnu.org/releases/dmidecode/dmidecode-3.5.tar.xz, attempting MIRRORS if available
WARNING: wget-1.21.4-r0 do_fetch: Failed to fetch URL https://ftp.gnu.org/gnu/wget/wget-1.21.4.tar.gz, attempting MIRRORS if available
WARNING: gdb-14.2-r0 do_fetch: Failed to fetch URL https://ftp.gnu.org/gnu/gdb/gdb-14.2.tar.xz, attempting MIRRORS if available
WARNING: diffutils-3.10-r0 do_fetch: Failed to fetch URL https://ftp.gnu.org/gnu/diffutils/diffutils-3.10.tar.xz, attempting MIRRORS if available
WARNING: gzip-1.13-r0 do_fetch: Failed to fetch URL https://ftp.gnu.org/gnu/gzip/gzip-1.13.tar.gz, attempting MIRRORS if available
WARNING: ed-1.20.1-r0 do_fetch: Failed to fetch URL https://ftp.gnu.org/gnu/ed/ed-1.20.1.tar.lz, attempting MIRRORS if available
WARNING: sed-4.9-r0 do_fetch: Failed to fetch URL https://ftp.gnu.org/gnu/sed/sed-4.9.tar.xz, attempting MIRRORS if available
WARNING: inetutils-2.5-r0 do_fetch: Failed to fetch URL https://ftp.gnu.org/gnu/inetutils/inetutils-2.5.tar.xz, attempting MIRRORS if available
WARNING: glibc-2.39+git-r0 do_package_qa: QA Issue: File /usr/lib/.debug/libm.so.6 in package glibc-dbg contains reference to TMPDIR
WARNING: libgcc-13.2.0-r0 do_package_qa: QA Issue: File /usr/lib/.debug/libgcc_s.so.1 in package libgcc-dbg contains reference to TMPDIR [buildpaths]
WARNING: expat-2.6.2-r0 do_package_qa: QA Issue: File /usr/bin/xmlwf in package expat-bin contains reference to TMPDIR [buildpaths]
WARNING: expat-2.6.2-r0 do_package_qa: QA Issue: File /usr/lib/libexpat.so.1.9.2 in package expat contains reference to TMPDIR [buildpaths]
WARNING: libx11-1_1.8.7-r0 do_package_qa: QA Issue: File /usr/lib/.debug/libX11.so.6.4.0 in package libx11-dbg contains reference to TMPDIR [buildpaths]
WARNING: coreutils-9.4-r0 do_package_qa: QA Issue: File /usr/bin/.debug/wc.coreutils in package coreutils-dbg contains reference to TMPDIR
WARNING: gcc-runtime-13.2.0-r0 do_package_qa: QA Issue: File /usr/lib/libgomp.a in package libgomp-staticdev contains reference to TMPDIR [buildpaths]
WARNING: gcc-runtime-13.2.0-r0 do_package_qa: QA Issue: File /usr/lib/libstdc++.a in package libstdc++-staticdev contains reference to TMPDIR [buildpaths]
WARNING: gcc-runtime-13.2.0-r0 do_package_qa: QA Issue: File /usr/lib/libstdc++.so.6.0.32 in package libstdc++ contains reference to TMPDIR [buildpaths]
WARNING: gcc-runtime-13.2.0-r0 do_package_qa: QA Issue: File /usr/lib/libgomp.so.1.0.0 in package libgomp contains reference to TMPDIR [buildpaths]
WARNING: gcc-runtime-13.2.0-r0 do_package_qa: QA Issue: File /usr/lib/libitm.a in package libitm-staticdev contains reference to TMPDIR [buildpaths]
WARNING: gcc-runtime-13.2.0-r0 do_package_qa: QA Issue: File /usr/lib/libitm.so.1.0.0 in package libitm contains reference to TMPDIR [buildpaths]
WARNING: fontconfig-2.15.0-r0 do_package_qa: QA Issue: File /usr/lib/.debug/libfontconfig.so.1.12.1 in package fontconfig-dbg contains reference to TMPDIR [buildpaths]
WARNING: libgpiod-2.1.1-r0 do_package_qa: QA Issue: File /usr/bin/.debug/gpiodetect in package libgpiod-dbg contains reference to TMPDIR
WARNING: libxext-1_1.3.6-r0 do_package_qa: QA Issue: File /usr/lib/.debug/libXext.so.6.4.0 in package libxext-dbg contains reference to TMPDIR [buildpaths]
WARNING: mpfr-4.2.1-r0 do_package_qa: QA Issue: File /usr/lib/.debug/libmpfr.so.6.2.1 in package mpfr-dbg contains reference to TMPDIR [buildpaths]
WARNING: libuv-1.48.0-r0 do_package_qa: QA Issue: File /usr/lib/.debug/libuv.so.1.0.0 in package libuv-dbg contains reference to TMPDIR [buildpaths]
WARNING: cairo-1.18.0-r0 do_package_qa: QA Issue: File /usr/lib/.debug/libcairo.so.2.11800.0 in package cairo-dbg contains reference to TMPDIR [buildpaths]
WARNING: nettle-3.9.1-r0 do_package_qa: QA Issue: File /usr/bin/.debug/sexp-conv in package nettle-dbg contains reference to TMPDIR
WARNING: tpm2-tss-engine-1.1.0-r0 do_package_qa: QA Issue: File /usr/bin/.debug/tpm2tss-genkey in package tpm2-tss-engine-dbg contains reference to TMPDIR
WARNING: strace-6.7-r0 do_package_qa: QA Issue: File /usr/bin/.debug/strace in package strace-dbg contains reference to TMPDIR [buildpaths]
WARNING: nvramtool-git-r0 do_package_qa: QA Issue: File /usr/sbin/.debug/nvramtool in package nvramtool-dbg contains reference to TMPDIR [buildpaths]
WARNING: iotools-1.0+git-r0 do_package_qa: QA Issue: File /usr/sbin/.debug/iotools in package iotools-dbg contains reference to TMPDIR [buildpaths]
WARNING: psmisc-23.6-r0 do_package_qa: QA Issue: File /usr/bin/.debug/fuser.psmisc in package psmisc-dbg contains reference to TMPDIR
WARNING: gnu-efi-3.0.17-r0 do_package_qa: QA Issue: File /usr/lib/gnuefi/apps/ctors_test.efi in package gnu-efi contains reference to TMPDIR
WARNING: wolfssl-5.7.0-r0 do_package_qa: QA Issue: File /usr/lib/libwolfssl.so.42.1.0 in package wolfssl contains reference to TMPDIR [buildpaths]
WARNING: pps-tools-1.0.3-r0 do_package_qa: QA Issue: File /usr/bin/.debug/ppsldisc in package pps-tools-dbg contains reference to TMPDIR
WARNING: json-c-0.17-r0 do_package_qa: QA Issue: File /usr/lib/libjson-c.a in package json-c-staticdev contains reference to TMPDIR [buildpaths]
WARNING: json-c-0.17-r0 do_package_qa: QA Issue: File /usr/lib/.debug/libjson-c.so.5.3.0 in package json-c-dbg contains reference to TMPDIR [buildpaths]
WARNING: json-c-0.17-r0 do_package_qa: QA Issue: File /usr/lib/libjson-c.so.5.3.0 in package json-c contains reference to TMPDIR [buildpaths]
WARNING: efitools-1.9.2-r0 do_package_qa: QA Issue: File /usr/bin/.debug/cert-to-efi-hash-list in package efitools-dbg contains reference to TMPDIR
WARNING: iperf3-3.16-r0 do_package_qa: QA Issue: File /usr/bin/.debug/iperf3 in package iperf3-dbg contains reference to TMPDIR [buildpaths]
WARNING: python3-3.12.3-r0 do_package_qa: QA Issue: File /usr/lib/python3.12/config-3.12-x86_64-linux-gnu/libpython3.12.a in package libpython3-staticdev contains reference to TMPDIR [buildpaths]
WARNING: python3-3.12.3-r0 do_package_qa: QA Issue: File /usr/bin/.debug/python3.12 in package python3-dbg contains reference to TMPDIR
WARNING: python3-pycairo-1.26.0-r0 do_package_qa: QA Issue: File /usr/lib/python3.12/site-packages/cairo/_cairo.cpython-312-x86_64-linux-gnu.so in package python3-pycairo contains reference to TMPDIR [buildpaths]
WARNING: python3-pyyaml-6.0.1-r0 do_package_qa: QA Issue: File /usr/lib/python3.12/site-packages/yaml/.debug/_yaml.cpython-312-x86_64-linux-gnu.so in package python3-pyyaml-dbg contains reference to TMPDIR [buildpaths]
WARNING: python3-cffi-1.16.0-r0 do_package_qa: QA Issue: File /usr/lib/python3.12/site-packages/.debug/_cffi_backend.cpython-312-x86_64-linux-gnu.so in package python3-cffi-dbg contains reference to TMPDIR [buildpaths]
WARNING: intelp2m-git-r0 do_package_qa: QA Issue: File /usr/sbin/intelp2m in package intelp2m contains reference to TMPDIR [buildpaths]
WARNING: python3-uefi-firmware-1.11-r0 do_package_qa: QA Issue: File /usr/lib/python3.12/site-packages/uefi_firmware/.debug/efi_compressor.cpython-312-x86_64-linux-gnu.so in package python3-uefi-firmware-dbg contains reference to TMPDIR [buildpaths]
WARNING: lshw-02.20+git-r0 do_package_qa: QA Issue: File /usr/sbin/.debug/lshw in package lshw-dbg contains reference to TMPDIR [buildpaths]
WARNING: grub-2.12-r0 do_package_qa: QA Issue: File /usr/lib/grub/i386-pc/.debug/cbtime.module in package grub-dbg contains reference to TMPDIR
WARNING: syslinux-6.04-pre2-r0 do_package_qa: QA Issue: File /usr/bin/.debug/syslinux in package syslinux-dbg contains reference to TMPDIR
WARNING: linux-yocto-6.6.21+git-r0 do_kernel_configcheck: [kernel config]: This BSP contains fragments with warnings:
WARNING: libxml2-2.12.5-r0 do_package_qa: QA Issue: File /usr/lib/python3.12/site-packages/libxml2mod.so in package libxml2-python contains reference to TMPDIR [buildpaths]
WARNING: python3-pygobject-3.46.0-r0 do_package_qa: QA Issue: File /usr/lib/python3.12/site-packages/gi/_gi.cpython-312-x86_64-linux-gnu.so in package python3-pygobject contains reference to TMPDIR [buildpaths]
WARNING: librepo-1.17.0-r0 do_package_qa: QA Issue: File /usr/lib/librepo.so.0 in package librepo contains reference to TMPDIR
WARNING: libcomps-0.1.20-r0 do_package_qa: QA Issue: File /usr/lib/python3.12/site-packages/libcomps/.debug/_libpycomps.so in package libcomps-dbg contains reference to TMPDIR
WARNING: libcomps-0.1.20-r0 do_package_qa: QA Issue: File /usr/lib/libcomps.so.0 in package libcomps contains reference to TMPDIR [buildpaths]
WARNING: grub-efi-2.12-r0 do_package_qa: QA Issue: File /usr/lib/grub/x86_64-efi/.debug/cbtime.module in package grub-efi-dbg contains reference to TMPDIR
WARNING: harfbuzz-8.3.0-r0 do_package_qa: QA Issue: File /usr/lib/.debug/libharfbuzz-subset.so.0.60830.0 in package harfbuzz-dbg contains reference to TMPDIR
WARNING: libical-3.0.17-r0 do_package_qa: QA Issue: File /usr/lib/libicalss.so.3.0.17 in package libical contains reference to TMPDIR
WARNING: systemd-1_255.4-r0 do_install: Using /home/root as root user's home directory is not fully supported by systemd
WARNING: libjcat-0.2.1-r0 do_package_qa: QA Issue: File /usr/bin/.debug/jcat-tool in package libjcat-dbg contains reference to TMPDIR
WARNING: libftdi-1.5-r0 do_package_qa: QA Issue: File /usr/lib/.debug/libftdi1.so.2.5.0 in package libftdi-dbg contains reference to TMPDIR [buildpaths]
WARNING: elfutils-0.191-r0 do_package_qa: QA Issue: File /usr/bin/.debug/eu-readelf in package elfutils-dbg contains reference to TMPDIR
WARNING: python3-dbus-1.3.2-r0 do_package_qa: QA Issue: File /usr/lib/python3.12/site-packages/_dbus_bindings.cpython-312-x86_64-linux-gnu.so in package python3-dbus contains reference to TMPDIR [buildpaths]
WARNING: openssh-9.6p1-r0 do_package_qa: QA Issue: File /usr/bin/.debug/ssh.openssh in package openssh-dbg contains reference to TMPDIR
WARNING: ell-0.63-r0 do_package_qa: QA Issue: File /usr/lib/.debug/libell.so.0.0.2 in package ell-dbg contains reference to TMPDIR [buildpaths]
WARNING: rpm-1_4.19.1-r0 do_package_qa: QA Issue: File /usr/lib/librpmio.so.10.0.1 in package rpm contains reference to TMPDIR
WARNING: rpm-1_4.19.1-r0 do_package_qa: QA Issue: File /usr/lib/librpmbuild.so.10.0.1 in package rpm-build contains reference to TMPDIR [buildpaths]
WARNING: rpm-1_4.19.1-r0 do_package_qa: QA Issue: File /usr/lib/.debug/librpm.so.10.0.1 in package rpm-dbg contains reference to TMPDIR [buildpaths]
WARNING: rpm-1_4.19.1-r0 do_package_qa: QA Issue: File /usr/lib/python3.12/site-packages/rpm/_rpm.so in package python3-rpm contains reference to TMPDIR [buildpaths]
WARNING: libsolv-0.7.28-r0 do_package_qa: QA Issue: File /usr/lib/libsolv.so.1 in package libsolv contains reference to TMPDIR [buildpaths]
WARNING: bluez5-5.72-r0 do_package_qa: QA Issue: File /usr/bin/.debug/bluetoothctl in package bluez5-dbg contains reference to TMPDIR
WARNING: libdnf-0.73.0-r0 do_package_qa: QA Issue: File /usr/lib/libdnf.so.2 in package libdnf contains reference to TMPDIR
WARNING: gdb-14.2-r0 do_package_qa: QA Issue: File /usr/bin/gdb in package gdb contains reference to TMPDIR [buildpaths]
WARNING: efivar-39+39+git-r0 do_package_qa: QA Issue: File /usr/lib/libefiboot.so.1.39 in package efivar contains reference to TMPDIR [buildpaths]
WARNING: ofono-2.4-r0 do_package_qa: QA Issue: File /usr/sbin/.debug/ofonod in package ofono-dbg contains reference to TMPDIR [buildpaths]
WARNING: systemd-1_255.4-r0 do_package_qa: QA Issue: File /usr/lib/systemd/.debug/libsystemd-core-255.so in package systemd-dbg contains reference to TMPDIR [buildpaths]
WARNING: python3-tpm2-pytss-2.1.0-r0 do_package_qa: QA Issue: File /usr/lib/python3.12/site-packages/tpm2_pytss/.debug/_libtpm2_pytss.abi3.so in package python3-tpm2-pytss-dbg contains reference to TMPDIR [buildpaths]
WARNING: gtk+3-3.24.41-r0 do_package_qa: QA Issue: File /usr/lib/libgtk-3.so.0.2409.32 in package gtk+3 contains reference to TMPDIR [buildpaths]

@DaniilKl
Contributor

DaniilKl commented Oct 1, 2024

List of warnings:

💀

@macpijan
Contributor

macpijan commented Oct 1, 2024

Some might be related to: #167

@m-iwanicki
Contributor Author

If we exclude do_fetch failures, then all of them are due to the same problem: the build path is included in the image.
#167 only fixes a minor part (only those that are shown when building kas.yml).
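A small triage script for a warning list like the one above, added here as an example (not part of the PR or the DTS repository): it separates `do_fetch` fallbacks from TMPDIR QA hits and lists the hits that land in non-development packages. The sample lines are taken from the list above; the suffix list used to recognise development packages and all function names are assumptions of this example.

```python
import re
from collections import Counter

# Constructed sample: lines taken from the warning list above (first one shortened).
SAMPLE_LOG = """\
WARNING: You are using a local hash equivalence server but have configured an sstate mirror.
WARNING: grub-native-2.12-r0 do_fetch: Failed to fetch URL https://ftp.gnu.org/gnu/grub/grub-2.12.tar.gz, attempting MIRRORS if available
WARNING: expat-2.6.2-r0 do_package_qa: QA Issue: File /usr/bin/xmlwf in package expat-bin contains reference to TMPDIR [buildpaths]
WARNING: glibc-2.39+git-r0 do_package_qa: QA Issue: File /usr/lib/.debug/libm.so.6 in package glibc-dbg contains reference to TMPDIR
WARNING: gnu-efi-3.0.17-r0 do_package_qa: QA Issue: File /usr/lib/gnuefi/apps/ctors_test.efi in package gnu-efi contains reference to TMPDIR
WARNING: json-c-0.17-r0 do_package_qa: QA Issue: File /usr/lib/libjson-c.a in package json-c-staticdev contains reference to TMPDIR [buildpaths]
WARNING: systemd-1_255.4-r0 do_install: Using /home/root as root user's home directory is not fully supported by systemd
WARNING: linux-yocto-6.6.21+git-r0 do_kernel_configcheck: [kernel config]: This BSP contains fragments with warnings:
"""

# "WARNING: <recipe>-<version>-<revision> <task>: <message>"
LINE_RE = re.compile(r"^WARNING: (?P<recipe>\S+) (?P<task>do_\w+): (?P<msg>.*)$")
QA_RE = re.compile(r"File (?P<file>\S+) in package (?P<pkg>\S+) contains reference to TMPDIR")
# Assumption: packages with these suffixes are not installed in the shipped image.
DEVEL_SUFFIXES = ("-dbg", "-staticdev", "-dev", "-src")


def classify(line):
    """Return (category, name, path) for one WARNING line."""
    m = LINE_RE.match(line)
    if not m:
        return ("other", None, None)  # warning not tied to a recipe task
    if m["task"] == "do_fetch" and m["msg"].startswith("Failed to fetch URL"):
        return ("fetch", m["recipe"], None)
    qa = QA_RE.search(m["msg"])
    if m["task"] == "do_package_qa" and qa:
        devel = qa["pkg"].endswith(DEVEL_SUFFIXES)
        return ("buildpaths-devel" if devel else "buildpaths-runtime", qa["pkg"], qa["file"])
    return ("other", m["recipe"], None)


def triage(log_text):
    """Count warnings per category and collect TMPDIR hits in runtime packages."""
    counts, runtime_hits = Counter(), []
    for line in log_text.splitlines():
        if not line.startswith("WARNING:"):
            continue
        kind, name, path = classify(line)
        counts[kind] += 1
        if kind == "buildpaths-runtime":
            runtime_hits.append((name, path))
    return counts, runtime_hits


if __name__ == "__main__":
    counts, runtime_hits = triage(SAMPLE_LOG)
    for kind, n in sorted(counts.items()):
        print(f"{kind:20} {n}")
    for pkg, path in runtime_hits:
        print(f"build path in runtime package {pkg}: {path}")
```

Feeding it the full console log of a build gives the per-category totals and the short list of files worth checking first when tracking down embedded build paths.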

@pietrushnic
Contributor

@m-iwanicki IIUC I need a binary with those changes for Odroid-H4+ recovery; where can I find it?

@m-iwanicki
Contributor Author

@pietrushnic for recovery, any binary in the release tab should work (2.0.0-rcx). 1.2.x should also work.
If using flashrom instead of HCL for creating a backup, then anything that contains or can install flashrom will work.

@pietrushnic
Contributor

@m-iwanicki I verified it works using v2.0.0-rc7

@PLangowski
Collaborator

This PR works. I'm attaching a gif with automatic certificate provisioning in DTS built from this branch.

@PLangowski PLangowski merged commit e1fe43b into develop Oct 2, 2024
1 check passed
@pietrushnic
Contributor

@macpijan, shouldn't Dasharo (coreboot+UEFI) be shipped with our CA, which verifies the signature of DTS? That would mean that devices with Dasharo boot DTS with UEFI Secure Boot enabled.

@pietrushnic
Contributor

@artur-rs @m-iwanicki @PLangowski, it looks like it might work in OVMF (TBH, I wonder why since the kernel doesn't seem to be signed), but it doesn't work with Dasharo (coreboot+UEFI) v0.9.0-rc2 on Odroid-H4.

I see that Dasharo is shipped with Dasharo PK. @macpijan @miczyg1. I don't know where that is handled and how.

My key question is whether any fixes would improve the situation in the upcoming 2-3 days. Unfortunately, I cannot wait any longer.

@m-iwanicki m-iwanicki deleted the dts-fix-sb-build branch October 5, 2024 20:24
@m-iwanicki
Contributor Author

@pietrushnic I'm not sure what exactly you are asking about.
The only thing signed is .sha256 of .wic.bmap and .wic.gz files in our releases.

You can read more about kas-uefi-sb.yml version here: https://docs.dasharo.com/dasharo-tools-suite/documentation#build-image-with-uefi-secure-boot-support

Building the image allows preparing a PoC version which uses sample keys, which by no means should be used in production

I don't think we can quickly (and securely) implement signing .efi files (would need testing and workflow changes)
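For the question raised in this thread of whether a kernel or other `.efi` file is signed at all, a header-level check, added here as an example (not code from the DTS repository): UEFI Secure Boot signatures are Authenticode entries in the PE certificate table, so an image with an empty table is unsigned. It only reports whether a signature is embedded, not whether it verifies against the keys enrolled in firmware; `make_pe` builds a constructed header-only sample, and all function names are assumptions of this example.

```python
import struct

WIN_CERT_TYPE_PKCS_SIGNED_DATA = 0x0002  # Authenticode PKCS#7 SignedData
CERT_DIR_INDEX = 4                       # certificate table slot in the data directories
HEADERS_LEN = 0x40 + 4 + 20 + 240        # DOS header + "PE\0\0" + COFF + optional header


def efi_signature_info(data):
    """Return the WIN_CERTIFICATE entries embedded in a PE/COFF (EFI) image."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    pe_off = struct.unpack_from("<I", data, 0x3C)[0]
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    opt_size = struct.unpack_from("<H", data, pe_off + 20)[0]
    opt_off = pe_off + 24
    magic = struct.unpack_from("<H", data, opt_off)[0]
    dirs_off = {0x10B: 96, 0x20B: 112}.get(magic)  # PE32 / PE32+
    if dirs_off is None:
        raise ValueError("unknown optional header magic")
    num_dirs = struct.unpack_from("<I", data, opt_off + dirs_off - 4)[0]
    entry_off = dirs_off + 8 * CERT_DIR_INDEX
    if num_dirs <= CERT_DIR_INDEX or entry_off + 8 > opt_size:
        return {"signed": False, "certs": []}
    # Unlike the other data directories, this "address" is a file offset, not an RVA.
    table_off, table_size = struct.unpack_from("<II", data, opt_off + entry_off)
    if table_off == 0 or table_size == 0:
        return {"signed": False, "certs": []}
    end = table_off + table_size
    if end > len(data):
        raise ValueError("certificate table points outside the file")
    certs, pos = [], table_off
    while pos + 8 <= end:
        length, revision, cert_type = struct.unpack_from("<IHH", data, pos)
        if length < 8 or pos + length > end:
            raise ValueError("malformed WIN_CERTIFICATE entry")
        certs.append({"type": cert_type, "revision": revision, "length": length})
        pos += (length + 7) & ~7  # entries are 8-byte aligned
    signed = any(c["type"] == WIN_CERT_TYPE_PKCS_SIGNED_DATA for c in certs)
    return {"signed": signed, "certs": certs}


def make_pe(cert_blob=b""):
    """Constructed sample: header-only PE32+ image, optionally with one certificate entry."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", 0x8664, 0, 0, 0, 0, 240, 0x0022)
    opt = bytearray(240)
    struct.pack_into("<H", opt, 0, 0x20B)   # PE32+ magic
    struct.pack_into("<I", opt, 108, 16)    # NumberOfRvaAndSizes
    table = b""
    if cert_blob:
        table = struct.pack("<IHH", 8 + len(cert_blob), 0x0200, 0x0002) + cert_blob
        table += b"\0" * (-len(table) % 8)
        struct.pack_into("<II", opt, 112 + 8 * CERT_DIR_INDEX, HEADERS_LEN, len(table))
    return dos + b"PE\0\0" + coff + bytes(opt) + table


if __name__ == "__main__":
    print(efi_signature_info(make_pe()))
    print(efi_signature_info(make_pe(b"\x30\x82" + b"\0" * 10)))
```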
