Secure Boot Key database for SpinetiX products
----------------------------------------------

This directory holds the database of Secure Boot Keys for products
having the SpinetiX Platform Key (UEFI Secure Boot PK 2019) and / or
the SpinetiX Key Exchange Key (KEK CA 2019) and Microsoft Key
Exchange Keys.

The layout and format is as expected by the sbkeysync: one directory
per key database (KEK, db, dbx, PK), one file per key entry and each
file as a signed EFI_SIGNATURE_LIST structure.

The PK is absent since it is to be already installed. The KEK keys are
signed with the SpinetiX PK and all other keys are signed with the
SpinetiX KEK or Microsoft's KEK.

The signed files do not contain the leading 32-bit attribute to use in
the call to SetVariable(), as that is the format expected by sbkeysync.

The 32-bit attribute value used for all signatures is 0x00000067, which
is equivalent to
    EFI_VARIABLE_NON_VOLATILE | EFI_VARIABLE_BOOTSERVICE_ACCESS |
    EFI_VARIABLE_RUNTIME_ACCESS |
    EFI_VARIABLE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS |
    EFI_VARIABLE_APPEND_WRITE

When writing directly via efivarfs in Linux the 4 byte attribute field
needs to be prepended, in little-endian (i.e. 0x67 0x00 0x00 0x00).

