This is due to the patch "[patch] integrity: Do not load MOK and MOKx when secure boot be disabled" was added to check if secureboot enabled for trusting the MOK key, https://lore<email address hidden>/T/
Unfortunately, the checking function, arch_ima_get_secureboot(), needs the config,
CONFIG_IMA_SECURE_AND_OR_TRUSTED_BOOT=y and it's dependency CONFIG_IMA_ARCH_POLICY
This is due to the patch "[patch] integrity: Do not load MOK and MOKx when secure boot be disabled" was added to check if secureboot enabled for trusting the MOK key, /lore<email address hidden>/T/
https:/
Unfortunately, the checking function, arch_ima_ get_secureboot( ), needs the config, IMA_SECURE_ AND_OR_ TRUSTED_ BOOT=y and it's dependency CONFIG_ IMA_ARCH_ POLICY
CONFIG_
https:/ /bugs.launchpad .net/oem- priority/ +bug/1972802