The unlock process is quite different with a TKey, since we need to load
the signing app with the user's passphrase as the USS. If the TKey is
not already in firmware mode we must prompt the user to remove and
re-insert it.
The easiest way to implement this is via a state machine. Add the
required logic:
- detect key presence and absence
- prompt for removal and insertion
- send the app, while keeping the UI responsive
- unlock the disk once the TKey provides a key
- report success or failure to the user
Ensure that the logic is only used if CONFIG_TKEY and CONFIG_LUKS are
both enabled.
Co-developed-by: Claude <claude@anthropic.com>
Signed-off-by: Simon Glass <simon.glass@canonical.com>
29e684deda