It is sometimes useful to use a real TKey even when running with the
test devicetree. Put it first, so it becomes the default. Update tests
to select the emulator explicitly.
Signed-off-by: Simon Glass <simon.glass@canonical.com>
Rather than Blake2b, use SHA256 to obtain the disk-encryption key based
on the key material provided by the TKey. This matches the upcoming
disk-encryption test.
Signed-off-by: Simon Glass <simon.glass@canonical.com>
Add a new 'tkey' command that provides an interface to interact with
Tillitis TKey security tokens. Subcommands include:
- info: Display device information (UDI, name, version, mode)
- load: Load and run applications on the TKey
- pubkey: Get the public key from a signer app
- getkey: Derive disk encryption keys with password and USS
This command enables U-Boot to use TKey devices for secure key
derivation for full-disk encryption.
Co-developed-by: Claude <noreply@anthropic.com>
Signed-off-by: Simon Glass <sjg@chromium.org>
