Description: Does not enforce the Secure Boot Forbidden Signature Database (aka dbx) protection mechanism
References:
 https://lkml.org/lkml/2020/9/15/1871
 https://lore.kernel.org/lkml/20200916004927.64276-1-eric.snowberg@oracle.com/
 https://lore.kernel.org/lkml/2660556.1610545213@warthog.procyon.org.uk/
Notes:
 bwh> This is only relevant to kernel versions that support the
 bwh> UEFI Secure Boot key store and/or are themselves signed.
 carnil> The commit adds a new config option SYSTEM_REVOCATION_LIST to
 carnil> enable the facility.
Bugs:
upstream: released (5.13-rc1) [56c5812623f95313f6a46fbf0beee7fa17c68bbf]
6.1-upstream-stable: N/A "Fixed before branch point"
5.10-upstream-stable: released (5.10.47) [45109066f686597116467a53eaf4330450702a96]
4.19-upstream-stable: N/A "Secure Boot key import not supported"
4.9-upstream-stable: N/A "Secure Boot key import not supported"
sid: released (5.14.6-1)
6.1-bookworm-security: N/A "Fixed before branch point"
5.10-bullseye-security: released (5.10.70-1)
4.19-buster-security: needed
4.9-stretch-security: N/A "Secure Boot key import not supported"