cf5effabb2
Fixes #8995 There is no security impact, as the actual SecureBoot state/configuration is measured into the PCR 7 and the disk encryption key unsealing is tied to this value. This is more to provide a way to avoid accidentally encrypting to the TPM while SecureBoot is not enabled. Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>