Allow enrolling custom db and KEK certs

[Cornelicorn]

Closes #190.

[Cornelicorn]

The hardcoded Owner UUID is just a placeholder. I'm not sure if the Owner UUID should be dynamically associated with every certificate, set once for all custom certificates (statically in sbctl or read from the filesystem as the certificates) or the existing UUID (/usr/share/secureboot/GUID) should be reused

[Foxboron]

I think utilizing a custom GUID for this is fine. It makes it easier to make assumptions on when looking at the signature database.

[Cornelicorn]

I think utilizing a custom GUID for this is fine. It makes it easier to make assumptions on when looking at the signature database.

Ok, I put in a newly generated UUID (instead of the tpm-eventlog one incremented by 1).

[Foxboron]

If you want an additional challenge, you could try to write a test for this using the virtual filesystem layer sbctl has :)

Example: https://github.com/Foxboron/sbctl/blob/master/cmd/sbctl/status_test.go

If you don't have time that is fine as well, but getting more test coverage would be cool.

[Cornelicorn]

You mean a test to check that enrolling custom certificates works?

[Foxboron]

Yep :)

[Cornelicorn]

After looking through the testing suite, I don't think that's quite doable for me right now (It's the first time for me to work with go), sorry.

[Foxboron]

That is fine :) No worries!

[Cornelicorn]

I think GitHub still wants a separate approval for the workflow runs, besides the PR review.

[Foxboron]

Thanks for implementing this :)