docs: clarify Mender compatibility with non-UEFI U-Boot Secure Boot #2719

Open
nickanderson wants to merge 1 commit into mendersoftware:master from nickanderson:CE-915/master

@nickanderson
Member

@nickanderson nickanderson commented Dec 19, 2025

A customer misinterpreted the previous phrasing to mean that Secure Boot
is entirely unsupported when using U-Boot without UEFI.

This update explicitly outlines that while Northern.tech does not
provide pre-validated vendor-specific configurations, Mender is
architecturally compatible with signed U-Boot binaries. This removes
the "not actively supported" disclaimer which was causing confusion
regarding technical feasibility.

Ticket: CE-915

@nickanderson nickanderson changed the title from "# External Contributor Checklist" to "docs: clarify Mender compatibility with non-UEFI U-Boot Secure Boot" Dec 30, 2025

@estenberg
Contributor

I think it was intentional as it was, as we don't intend to offer support (e.g. tickets) for Secure boot.

While I don't know all the details of this, why do you separate Non-UEFI U-Boot into its own thing here? I think this is more general.

To me the general note is that Secure boot is outside of scope of Mender. If it works without Mender it should work with Mender. I am fine with rewording it if it's confusing, I've seen that as well.

Maybe rather say something like

"Secure boot should be independent of Mender, and it is generally recommended that you implement Secure boot before integrating Mender to confirm that it works before you integrate Mender. If so, it should continue to work after integrating Mender as well."

Or just remove that paragraph entirely.

@nickanderson nickanderson reopened this Jan 5, 2026
A customer misinterpreted the previous phrasing to mean that Secure Boot
is entirely unsupported when using U-Boot without UEFI.

This update explicitly outlines that while Northern.tech does not
provide pre-validated vendor-specific configurations, Mender is
architecturally compatible with signed U-Boot binaries. This removes
the "not actively supported" disclaimer which was causing confusion
regarding technical feasibility.

Changelog: None
Ticket: CE-915

Signed-off-by: Nick Anderson <nick@cmdln.org>
@nickanderson
Member Author

@estenberg here is a re-phrasing with that last section removed completely. Let me know what you think.

@estenberg
Contributor

It is better, I think, though "image-building process must be configured to sign all artifacts that Mender introduces into the boot chain" can be confused by signed Mender Artifacts I think, which is something completely different.

I think someone from Client team who knows Secure boot should review before we merge it.
