Allow to enroll custom IMA keys
Bugzilla: https://bugzilla.redhat.com/2055205
This patch set allows enrolling customer keys for IMA signatures by enabling the .machine keyring for UEFI-based systems. Users will add their customer IMA CA certifciates/keys to the MOK list and the keys will eventually be loaded to the .machine keyring which is linked the the .secondary_trusted_keys keyring.
Signed-off-by: Coiby Xu coxu@redhat.com