trust machine keyring (MoK) by default
authorLuca Boccassi <bluca@debian.org>
Wed, 18 Jan 2023 19:56:44 +0000 (19:56 +0000)
committerSalvatore Bonaccorso <carnil@debian.org>
Wed, 18 Jan 2023 19:56:44 +0000 (19:56 +0000)
commit6091e7b5b83897cc7b9e07bf662d4bde1d04159b
treec79c825d3e218b8a1e31e788311387fde4d06418
parentf25e005c7ee6ac03bbcafa0617569ff99c1682ac
trust machine keyring (MoK) by default

Debian always trusted keys in MoK by default. Upstream made it conditional on
a new EFI variable being set. To keep backward compatibility skip this check.

Gbp-Pq: Topic features/all/db-mok-keyring
Gbp-Pq: Name trust-machine-keyring-by-default.patch
security/integrity/platform_certs/machine_keyring.c