In the past we disable signatrure verification as long as
module.sig_enforce=0 is not set explicitly. This is not compatible with
older COS milestones when secure boot is enabled. Given that we won't
enable signature verification through kernel config for older COS
milestones, it's safe to assume signature verification is not enabled
as long as module.sig_enforce=1 is not in kernel command line.
In the past we disable signatrure verification as long as module.sig_enforce=0 is not set explicitly. This is not compatible with older COS milestones when secure boot is enabled. Given that we won't enable signature verification through kernel config for older COS milestones, it's safe to assume signature verification is not enabled as long as module.sig_enforce=1 is not in kernel command line.