add initial design overview and threat model #76
Conversation
I think the threat model and high level design are very helpful documents. A suggestion on UEFI event log versus PCR golden values. Golden values are fragile when you are making changes - we've seen this when attesting physical servers. If you make a change to the system, PCRs can change and there is no easy way to verify that the new value is good. So validating the UEFI event log is more secure. You might want to add something about this to the text.
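The event-log versus golden-value point above, as an added example that is not part of this PR or of Keylime's own code: replaying a constructed SHA-256 event log into PCR values and checking it both ways, so that a legitimate firmware update fails the static golden comparison but passes a per-measurement policy. All function names, log entries and digests here are constructed for illustration.

```python
import hashlib

ZERO_PCR = b"\x00" * 32  # SHA-256 bank; PCR0/PCR7 start at all zeros after reset

def h(label: str) -> bytes:
    """Constructed stand-in for the digest of a measured component."""
    return hashlib.sha256(label.encode()).digest()

def extend(pcr: bytes, digest: bytes) -> bytes:
    """TPM PCR extend operation: new = SHA-256(old || digest)."""
    return hashlib.sha256(pcr + digest).digest()

def replay_event_log(events):
    """Recompute the PCR values an event log implies. events: (pcr_index, digest, description)."""
    pcrs = {}
    for idx, digest, _ in events:
        pcrs[idx] = extend(pcrs.get(idx, ZERO_PCR), digest)
    return pcrs

def golden_value_check(quoted_pcrs, golden):
    """Static approach: every quoted PCR must equal a pre-recorded golden value."""
    return all(quoted_pcrs.get(i) == v for i, v in golden.items())

def event_log_check(events, quoted_pcrs, allowed):
    """Log-based approach: the replayed log must reproduce the quoted PCRs (proves the log
    is genuine), and each individual measurement must be on the per-PCR allow list."""
    replayed = replay_event_log(events)
    if any(replayed.get(i) != v for i, v in quoted_pcrs.items()):
        return False, "event log does not reproduce the quoted PCRs"
    for idx, digest, desc in events:
        if digest not in allowed.get(idx, set()):
            return False, f"unexpected measurement in PCR{idx}: {desc}"
    return True, "ok"

# Constructed logs: v2 differs from v1 only by a firmware update measured into PCR0.
LOG_V1 = [(0, h("firmware-1.0"), "firmware"), (7, h("secureboot-on"), "SecureBoot var")]
LOG_V2 = [(0, h("firmware-1.1"), "firmware"), (7, h("secureboot-on"), "SecureBoot var")]
ALLOWED = {0: {h("firmware-1.0"), h("firmware-1.1")}, 7: {h("secureboot-on")}}

def demo():
    golden = replay_event_log(LOG_V1)    # golden values recorded from the v1 system
    quote_v2 = replay_event_log(LOG_V2)  # what an honest, updated v2 system would quote
    return golden_value_check(quote_v2, golden), event_log_check(LOG_V2, quote_v2, ALLOWED)

if __name__ == "__main__":
    print(demo())  # (False, (True, 'ok'))
```

The golden comparison rejects the updated system outright, while the log check still catches a log that does not match the quote or a measurement that is not on the allow list.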
@edwards-n I hinted at that in the overview, but I agree that it should be stated more explicitly in the text.
There are some minor typos that can be fixed later, but this text is really useful.
@edwards-n I have now added a statement that the measured boot policy engine is preferred over static PCR values. @aplanas If you have the time, can you mark the typos? Then I can fix them in this PR. @kkaarreell I added the inclusion of a nonce in the quote. Is this explanation enough?
Sure, I am not a native English speaker and it is usually others who point them out to me.
@THS-on yes, thank you.
@THS-on did you want to fix those typos in this PR or the next?
Signed-off-by: Thore Sommer <[email protected]>
@aplanas thanks for the comments! I updated the document to include fixes for them.
This adds a new section called design. This includes a more high level description of all the components in Keylime and a basic threat model.