The unlock process is quite different with a TKey, since we need to load
the signing app with the user's passphrase as the USS. If the TKey is
not already in firmware mode we must prompt the user to remove and
re-insert it.
The easiest way to implement this is via a state machine. Add the
required logic:
- detect key presence and absence
- prompt for removal and insertion
- send the app, while keeping the UI responsive
- unlock the disk once the TKey provides a key
- report success or failure to the user
Ensure that the logic is only used if CONFIG_TKEY and CONFIG_LUKS are
both enabled.
Co-developed-by: Claude <claude@anthropic.com>
Signed-off-by: Simon Glass <simon.glass@canonical.com>
Selecting an OS may cause the UI to change, so give it a chance to show
those changes before booting.
Signed-off-by: Simon Glass <simon.glass@canonical.com>
When a mouse pointer is not used, there is typically no need to refresh
the display unless something changes. Add an option to allow slow
refresh.
Signed-off-by: Simon Glass <sjg@chromium.org>
