Comment 8 for bug 1981449

This is due to the patch "[patch] integrity: Do not load MOK and MOKx when secure boot be disabled" was added to check if secureboot enabled for trusting the MOK key,
https://lore<email address hidden>/T/

Unfortunately, the checking function, arch_ima_get_secureboot(), needs the config,
CONFIG_IMA_SECURE_AND_OR_TRUSTED_BOOT=y and it's dependency CONFIG_IMA_ARCH_POLICY

https://bugs.launchpad.net/oem-priority/+bug/1972802