Comment 0 for bug 1972802

Ivan Hu (ivan.hu) wrote :

[Impact]
MOK keys are not trusted after kernel 5.17.

[Fix]
Enable CONFIG_IMA_SECURE_AND_OR_TRUSTED_BOOT and CONFIG_IMA_ARCH_POLICY as the fix.
The patch "[patch] integrity: Do not load MOK and MOKx when secure boot be disabled" was added to check if secure boot is enabled for trusting the MOK key.

[Test]
Enroll a MOK key and use it to sign kernel modules; make sure secure boot is on, and load the kernel module with either modprobe or insmod.

[Regression Risk]
Low. Only affects the function that checks whether secure boot is enabled.
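
A check for the two options named under [Fix], as an added example that is not part of the original comment or of the kernel packaging. The function names and the sample config fragment are constructed for illustration.

```shell
#!/bin/sh
# Added example: report whether a kernel config enables the two options
# named in the [Fix] section. Function names are hypothetical.

REQUIRED_OPTS="CONFIG_IMA_SECURE_AND_OR_TRUSTED_BOOT CONFIG_IMA_ARCH_POLICY"

# Print "y", "unset" or "missing" for one option in a kernel config file.
# "missing" covers derived symbols that are simply not written when off.
kconfig_state() {
    cfg=$1 opt=$2
    if grep -qx "${opt}=y" "$cfg"; then
        echo y
    elif grep -qx "# ${opt} is not set" "$cfg"; then
        echo unset
    else
        echo missing
    fi
}

# Return 0 only when every required option is built in; list the others.
mok_trust_config_ok() {
    cfg=$1 rc=0
    for opt in $REQUIRED_OPTS; do
        state=$(kconfig_state "$cfg" "$opt")
        if [ "$state" != y ]; then
            echo "$opt: $state"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample: a config fragment without the options from [Fix].
sample=$(mktemp)
cat > "$sample" <<'EOF'
CONFIG_IMA=y
# CONFIG_IMA_ARCH_POLICY is not set
EOF
mok_trust_config_ok "$sample" || echo "config lacks the options listed under [Fix]"
rm -f "$sample"
```

On an installed system the same function can be pointed at `/boot/config-$(uname -r)` before running the [Test] steps.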