Fix the orphan snakeoil/OVMF_VARS.snakeoil.fd file

[valentindavid]

snakeoil/OVMF_VARS.snakeoil.fd might not match OVMF_CODE.secboot.fd we use in tests.

Here are some ways we could handle it:

• Use lockdown.efi from efitools to install snakeoil keys on any OVMF_VARS.fd
• Put the snakeoil keys as well as code and variables images for OVMF in a separate repo.

[alfonsosanchezbeato]

Ideally we would want to build them in a scriptable way, but not sure how feasible will that be. The minimum we want is to have some instructions on how to regenerate the file manually (start with OVMF, put the fw in set-up mode, etc).

[valentindavid]

I have done something in the past that was totally automated. An efi script that calls lockdown.efi then powers off. We just make a small image with that and boot qemu with OVMF_CODE.secboot.fd and OVMF_VARS.fd (the non secboot one). That will boot as setup mode and lockdown.efi will just install the keys.

[xnox]

Note, we can drop .fd whilst keeping the keys.

I added it here, because at the time most people were not on $newest release to have direct access to .fd file.

It is available in ubuntu for x86_64 since focal, and for x86_64 and arm64 since jammy https://packages.ubuntu.com/search?suite=jammy&arch=any&searchon=contents&keywords=snakeoil.fd

Thus one should use edk install on a given ubuntu host to boot with those variables in place, on either x86_64 or arm64.

I am in favor of removing the snaokeoil.fd file.

[xnox]

The tests should use code & vars for snakeoil as shipped in the ubuntu archive.