image_verify: Support other images

The code was verifying BMC images only, make it support other images
e.g. BIOS tarball.

The change moves the verifySignature() call before checking the purpose,
so that every image is to be verified.

The `Signature::verify()` is updated to support:
* If the BMC images exists in the tarball, verify all of them;
* If one of the optional images exists in the taball, verify it;
* Return true when either BMC or the optional images are verfied.

The `optional-images` config option removes the "choices", so that a
bbappend could set its own optional images, e.g. `bios.bin`, `fpga.bin`,
etc.

Be noted that the code in verifyFullImage() uses hard-coded images when
WANT_SIGNATURE_FULL_VERIFY is defined, which is not generic.
So if WANT_SIGNATURE_FULL_VERIFY is defined, the verify will fail for
BIOS tarball.

Tested: Enable field mode and verify the BIOS code update fails on
        invalid or missing signatures, and succeeds on valid signatures.

Signed-off-by: Lei YU <yulei.sh@bytedance.com>
Change-Id: Id5e1d2eb2c3daec91f24819ec78fa864dc92f0b1
4 files changed