Upstream ironic is proposing[1] supporting packaging images inside bare OCI container images (rather than a self-extracting exectutable container image as edpm-hardened-uefi:current-podified is).

To assist with this transition, the init container created by openstack-baremetal-operator should be replaced with a utility container which can extract the file from the edpm-hardened-uefi container image. One possible implementation is using a podman container image to do this, for example using registry.redhat.io/ubi9/podman:latest as the init container running the following script: 

image="quay.io/podified-antelope-centos9/edpm-hardened-uefi:current-podified"
container_id=$(podman create "$image")
podman cp $container_id:/edpm-hardened-uefi.qcow2.sha256 ./edpm-hardened-uefi.qcow2.sha256
# TODO determine if qcow2 needs to be extracted also
podman cp $container_id:/edpm-hardened-uefi.qcow2 ./edpm-hardened-uefi.qcow2
podman rm $container_id

Once this approach is in place, the packaging of edpm-hardened-uefi.qcow2 can be changed so that no base image or copy_out.sh extract script is required. This will then comply with the image packaging proposal in [1] so when metal3 supports this then the provision server of openstack-baremetal-operator can be deleted entirely

[1] https://review.opendev.org/c/openstack/ironic-specs/+/933612