In the new lat-sdk.sh, the shim binary for secure boot has been
updated which is signed by tis-boot key.
In other words, in the trusted chains, we only replace DB with
tis-boot, and other still use built-in certs
DB --> MOK --> Grub GPG --> kernel/initramfs/grub.cfg
In this way, the debian secure boot image could boot on the host
in which the BIOS has been inserted with tis-boot key
Test Plan:
Pass: Rebuild container lat
Pass: build-image --std
Pass: Do secure boot install on qemu
Story: 2008846
Task: 45591
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Change-Id: Ic35820beb7c911cb37dac8916bfce9e3d9a112b8
ba70066c78