kexec-save-default: guard TPM LUKS usage with config option

Add CONFIG_TPM_NO_LUKS_DISK_UNLOCK to allow Librem boards to opt
out of using TPM to store LUKS key, and use it to guard the user
option to add the disk encryption key to the TPM.

Select this option for all Librem boards; all other boards which
select CONFIG_TPM=y will have no change in functionality.

Signed-off-by: Matt DeVillier <matt.devillier@puri.sm>

boards/librem13v2/librem13v2.config

@@ -25,6 +25,7 @@ CONFIG_LIBREMKEY=y
 CONFIG_LINUX_USB=y
 
 export CONFIG_TPM=y
+export CONFIG_TPM_NO_LUKS_DISK_UNLOCK=y
 export CONFIG_BOOTSCRIPT=/bin/gui-init
 export CONFIG_BOOT_REQ_HASH=n
 export CONFIG_BOOT_REQ_ROLLBACK=n

boards/librem13v4/librem13v4.config

@@ -25,6 +25,7 @@ CONFIG_LIBREMKEY=y
 CONFIG_LINUX_USB=y
 
 export CONFIG_TPM=y
+export CONFIG_TPM_NO_LUKS_DISK_UNLOCK=y
 export CONFIG_BOOTSCRIPT=/bin/gui-init
 export CONFIG_BOOT_REQ_HASH=n
 export CONFIG_BOOT_REQ_ROLLBACK=n

boards/librem15v3/librem15v3.config

@@ -27,6 +27,7 @@ CONFIG_LIBREMKEY=y
 CONFIG_LINUX_USB=y
 
 export CONFIG_TPM=y
+export CONFIG_TPM_NO_LUKS_DISK_UNLOCK=y
 export CONFIG_BOOTSCRIPT=/bin/gui-init
 export CONFIG_BOOT_REQ_HASH=n
 export CONFIG_BOOT_REQ_ROLLBACK=n

boards/librem15v4/librem15v4.config

@@ -27,6 +27,7 @@ CONFIG_LIBREMKEY=y
 CONFIG_LINUX_USB=y
 
 export CONFIG_TPM=y
+export CONFIG_TPM_NO_LUKS_DISK_UNLOCK=y
 export CONFIG_BOOTSCRIPT=/bin/gui-init
 export CONFIG_BOOT_REQ_HASH=n
 export CONFIG_BOOT_REQ_ROLLBACK=n

initrd/bin/kexec-save-default

@@ -45,7 +45,7 @@ fi
 KEY_DEVICES="$paramsdir/kexec_key_devices.txt"
 KEY_LVM="$paramsdir/kexec_key_lvm.txt"
 save_key="n"
-if [ "$CONFIG_TPM" = "y" ]; then
+if [[ "$CONFIG_TPM" = "y" && "$CONFIG_TPM_NO_LUKS_DISK_UNLOCK" != "y" ]]; then
 	if [ ! -r "$KEY_DEVICES" ]; then
 		read \
 			-n 1 \