Design code-signing service for Secure Boot

Raphaël asked me to look into design work for this item from the milestone 4 requirements, on the grounds that we want to get started on it early to support ELTS:

MUST: Implement Task for package signing for secure boot support
  Support hardware security devices storing the signature keys
  Need to implement some logic that detects when packages have to be post-processed with a signature step

This will depend on collections (#243 (closed)) and possibly also on workflows.

I've spent some time looking into code-signing and considering how we might integrate it into debusine, and I've got far enough along to be able to propose an MR for some early feedback, which I'll attach to this issue.

Edited by Colin Watson