Currently we package our module signing keys as part of
the 'linux-kbuild' package. This means that anyone obtaining
our 'linux-kbuild' package, which we do publish, can produce
signed modules. This violates the intent of secure boot.
Re-package our module signing keys into a separate package
known as 'linux-keys'.
Testing:
- Build all out of tree modules successfully.
- An ISO image can be built out successfully.
- Installation of the ISO image is successful with standard and
low-latency profiles.
- The out of tree modules can be loaded successfully when secure boot is
enabled.
- Make sure there are not the keys in the lab that installed
with the ISO image.
Closes-Bug: 1992214
Signed-off-by: Jiping Ma <jiping.ma2@windriver.com>
Change-Id: I73e80b5869ebdc8b57771b7f016d9c9037a0d512
bc9df334b7