
uefi-secureboot.yml: switch to Unified Kernel Image (UKI)

Unified Kernel Image includes the kernel and initrd, both of
which are signed with UEFI secure boot. This brings secure
boot closer to userspace.

Use core-image-initramfs-boot to find the real
rootfs and boot systemd init there. No need to hard code
rootfs via qemuboot/runqemu variables.

Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org>
Signed-off-by: Jon Mason <jon.mason@arm.com>
Mikko Rapeli 6 months ago
parent
commit
682fb426ee
1 changed files with 17 additions and 1 deletions
  1. 17 1
      ci/uefi-secureboot.yml

+ 17 - 1
ci/uefi-secureboot.yml

@@ -32,4 +32,20 @@ local_conf_header:
 
     IMAGE_INSTALL:append = " systemd systemd-boot util-linux coreutils"
 
-    TEST_SUITES:append = " uefi_secureboot"
+    TEST_SUITES:append = " uefi_secureboot uki"
+
+    IMAGE_CLASSES += "uki"
+
+    IMAGE_CLASSES += "sbsign"
+    UKI_SB_KEY = "${SBSIGN_KEY}"
+    UKI_SB_CERT = "${SBSIGN_CERT}"
+    QB_KERNEL_ROOT = ""
+    IMAGE_BOOT_FILES:remove = "Image"
+
+    INITRAMFS_IMAGE = "core-image-initramfs-boot"
+    # not for initramfs image recipe
+    IMAGE_CLASSES:remove:pn-core-image-initramfs-boot = "uki"
+    IMAGE_CLASSES:remove:pn-core-image-initramfs-boot = "sbsign"
+    IMAGE_CLASSES:remove:pn-core-image-initramfs-boot = "testimage"
+    IMAGE_FEATURES:remove:pn-core-image-initramfs-boot = "ssh-server-dropbear"
+    CORE_IMAGE_EXTRA_INSTALL:remove:pn-core-image-initramfs-boot = "ssh-pregen-hostkeys"
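Review bot: The two added lines that carry the security intent, `QB_KERNEL_ROOT = ""` and `IMAGE_BOOT_FILES:remove = "Image"`, have no comment, so a later edit could restore an unsigned boot path without noticing. I would add `# no root= from runqemu; the initramfs inside the signed UKI locates the rootfs` above the first and `# ship only the signed UKI, not the bare kernel Image, in the boot files` above the second. As far as this hunk shows, the signature covers the kernel and initrd in the UKI but not the rootfs that `core-image-initramfs-boot` selects at boot. A short comment saying that the `uki` test checks the signed boot path and not rootfs integrity would keep the CI result from being over-read. The three `IMAGE_CLASSES:remove:pn-core-image-initramfs-boot` lines can also be written as one, `IMAGE_CLASSES:remove:pn-core-image-initramfs-boot = "uki sbsign testimage"`. The `local_conf_header` entry these lines belong to starts outside the hunk.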