[FEATURE] Change event 1: Change SHA to XMSS in Secure boot

[podhrmic]

Summary

Secure boot currently uses SHA256 to measure (hash) the firmware image. Change the algorithm to XMSS.

[spernsteiner]

@peterohanley At today's meeting, I mentioned that it might be necessary to split the initial measure operation (hashing the binary before running it) from the later measures (e.g. hashing a config file and mixing it into the measure for use in later attestations). I thought about this a bit more, and I think it might be better to keep the existing measure code as-is, but change the code that checks the initial measure, which currently just checks whether the measure equals a known hash, and replace it with an XMSS signature check. The overall logic would look something like: hash/measure the first N - 32 bytes of the binary, then check that the last 32 bytes are a valid signature for that hash.

It might also be useful to add a third command to the trusted boot daemon to allow other code to check signatures. Currently, before vm_runner mounts the application partition, it passes a hash of the partition to the trusted boot daemon for it to mix into the current measure. We could then have vm_runner pass a signature to the daemon and find out whether it's a valid signature for the updated measure.