[PATCH] trust machine keyring (MoK) by default
authorLuca Boccassi <bluca@debian.org>
Thu, 13 Oct 2022 22:22:06 +0000 (00:22 +0200)
committerSalvatore Bonaccorso <carnil@debian.org>
Fri, 10 Jan 2025 10:03:22 +0000 (11:03 +0100)
commite398d188983d81dbc9bf65eeb41bfe1c40ba209d
treed8a077eb9cd2dd2ee5ff8502cac80615f7f5d9b8
parenta286942c4315ce4e835b65517a9d0e9b1e6faf03
[PATCH] trust machine keyring (MoK) by default

From 585cbcb982bffc4a8cee2f3d8d099fc64f9a74b9 Mon Sep 17 00:00:00 2001
Forwarded: not-needed

Debian always trusted keys in MoK by default. Upstream made it
conditional on a new EFI variable being set.
To keep backward compatibility skip this check.

Gbp-Pq: Topic features/all/db-mok-keyring
Gbp-Pq: Name trust-machine-keyring-by-default.patch
security/integrity/platform_certs/machine_keyring.c