trust machine keyring (MoK) by default
authorLuca Boccassi <bluca@debian.org>
Wed, 29 Nov 2023 07:45:07 +0000 (08:45 +0100)
committerSalvatore Bonaccorso <carnil@debian.org>
Wed, 29 Nov 2023 07:45:07 +0000 (08:45 +0100)
commit5e46b69c9c544b7e88592923864ec7c6b34ef092
tree0094e59ba3a8ed43dde17dac42c6cd452243f15b
parent73329d50306a80ffbb26360753028f6354a236c9
trust machine keyring (MoK) by default

Debian always trusted keys in MoK by default. Upstream made it conditional on
a new EFI variable being set. To keep backward compatibility skip this check.

Gbp-Pq: Topic features/all/db-mok-keyring
Gbp-Pq: Name trust-machine-keyring-by-default.patch
security/integrity/platform_certs/machine_keyring.c