This patch adds signature verification routines to the loader. It uses the newly added secureboot library. The trusted/revoked certificates are obtained from UEFI db/dbx variables. Support for authorized timestampts stored in dbt are not implemented. Headers with definitions of UEFI standardized structures were copied from edk2
There is potentially a lot of overlap with D16335 libsecureboot could be a better name for that than libve.
It would be good to leverage both.
For example D16335 contains an api which can verify hash of file as side effect of reading (reduces boot overhead),
it isn't used yet due to the considerable churn on loader module reading logic.
Also D16335 can work without UEFI - but the combination would be better.
Phab is a horrible way to conduct a discussion though - perhaps an email exchange would be useful.