spike: investigate UKI and TB support on aarch64 devices

[mudler]

Is your feature request related to a problem? Please describe.
Currently UKI Kairos installations are supporting only x86_64 architectures. It would be beneficial to extend support to ARM boards (E.g. Nvidia AGX Orin).

Describe the solution you'd like
ARM does have the so called TrustedZone: it provides fTPM support "emulation" which provides Trusted Boot support, however, so far implementations are very different from what is proposed with systemd and UKIs, see e.g. https://github.com/ARM-software/arm-trusted-firmware/blob/master/docs/design/trusted-board-boot.rst .

However, UKI are generic, and looks like very recently projects like yocto and archboot are gearing support to this:

• https://patchwork.yoctoproject.org/project/oe-core/patch/[email protected]/#21631
• https://archboot.com/ (https://release.archboot.com/aarch64/2024.12/uki/)

Describe alternatives you've considered
Use a TEE-ARM environment to handle disk encryption.

Additional context

• https://developer.arm.com/-/media/Arm%20Developer%20Community/PDF/PSA/DEN0072-PSA_TBFU_1.1-BETA0.pdf?revision=3ce2513a-ae0f-4b43-96a0-851ed67a640b
• https://trustedfirmware-a.readthedocs.io/en/latest/index.html
• https://www.arm.com/technologies/trustzone-for-cortex-m