Currently we package our module signing keys as part of
the 'kernel-devel' package. This means that anyone obtaining
our 'kernel-devel' package, which we do publish, can produce
signed modules. This violates the intent of secure boot.
Re-package our module signing keys into a separate package
known as 'kernel-devel-keys'.
Testing:
- An ISO image can be built out successfully.
- Installation of the ISO image is successful with standard and
low-latency profiles.
- Make sure there are not the keys in the lab that installed
with the ISO image.
Closes-Bug: 1988361
Signed-off-by: Jiping Ma <jiping.ma2@windriver.com>
Change-Id: I4b5235fdb0fffa32cc7fd40c7870d0ddeec6595e
4aa9658077