RPMB secure storage

[BaochengSu]

Enable eMMC RPMB support and OPTee driver in u-boot so that secure storage could be usable in u-boot.

Also add the RPMB key paring support in u-boot.

[BaochengSu]

Change in V2:

1. Fix the symbolic links in secure-boot-otp-provisioning
2. Make PRODUCT_GENERATION global to reuse it in OPTee for warning PG1 devices on RPMB setup.
3. Integrate edk2 to isar-cip-core.
4. Integrate edk2 StandaloneMM to OPTee.
5. Enable StandaloneMM managed UEFI variable operation in u-boot.
6. Make optee-rpmb command default to u-boot config, since optee build is controlled, expose this command would not bring risks.
7. Rewords u-boot README regarding RPMB key provisioning.

[jan-kiszka]

Let me finish the isar-cip-core review and integration of Sven's patches. We don't want to rebase again here (or worse) but rather consume an upstream-accepted revision.

[BaochengSu]

Let me finish the isar-cip-core review and integration of Sven's patches. We don't want to rebase again here (or worse) but rather consume an upstream-accepted revision.

Fine, schedule-wise I will continue work on this branch for the further topics, such as Key enrolling. To me, the EDK2 part of Sven's patch seems acceptable except the git clone takes too long and occupies too much space. So once there is a final state of the upstream patch I will update here accordingly, since that part takes only one commit in my patch set, it should not produce too many troubles by then.

[BaochengSu]

Change in V3:

• Disable the REE FS for secure storage in optee, RPMB based secure storage is mandatory.
• Add optee-client package, preparing for UEFI key enrolling under linux user-land.
• Rename download tarball name for optee-os for avoiding name collision.

UEFI key enrolling is on the way.

[BaochengSu]

This PR is partially obsoleted by #426, the rest will be obsoleted by upcoming disk encryption integration.