spike: UKI Remote boot attestation with KMS

[Itxaka]

We would like to investigate how we can port the KMS to UKI scenarios.

High level scenario:

• uki kairos node with encrypted partitions with a remote KMS in online mode (https://kairos.io/docs/advanced/partition_encryption/)
• during boot we want to measure the system, and that have the expected values
• if not, halt boot before mounting partitions
• if yes, continue

Reference

https://www.redhat.com/en/blog/attestation-confidential-computing https://docs.system-transparency.org/st-1.1.0/docs/selected-topics/remote-attestation/ https://kairos.io/docs/advanced/partition_encryption/#discoverable-key-management-server-kms

[mudler]

Seems we basically had this around already: https://github.com/kairos-io/kairos/issues/2166