This adds support for seamless booting of Qubes with a TPM disk key,
as well as signing of qubes files in /boot with a Yubikey.
The signed hashes also includes a TPM counter, which is incremented
when new hashes are signed. This prevents rollback attacks against
the /boot filesystem.
The TPMTOTP value is presented to the user at the time of entering
the disk encryption keys. Hitting enter will generate a new code.
The LUKS headers are included in the TPM sealing of the disk
encryption keys.
This also adds a set of files in the qubes/ directory that
are meant to be copied to the /boot partition.
Issue #154: for ease of upgrading Qubes, the script should
live on /boot instead of in the ROM. This requires a GPG
signature on the startup script to avoid attacks by modifying
the boot script.
Issue #123: this streamlines the boot process for Qubes, although
the disk password is still not passed in correctly to the initrd
(issue #29).
This does not address issues #110 of how to find the root device.
The best approach is probably disk labels, which will require
special installation instructions.
