From 09f66e93df4b32681d28f5957824dc6a32907f62 Mon Sep 17 00:00:00 2001
From: Jonathon Hall <jonathon.hall@puri.sm>
Date: Fri, 30 Jun 2023 13:13:48 -0400
Subject: [PATCH] Root hashes: enable even if there is no TPM

This feature doesn't require a TPM.  The configuration GUI appears
either way, but the actual check was silently skipped on TPM-less
devices.  Enable it even if there is no TPM.

Signed-off-by: Jonathon Hall <jonathon.hall@puri.sm>
---
 initrd/bin/kexec-select-boot | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/initrd/bin/kexec-select-boot b/initrd/bin/kexec-select-boot
index 20da8d51..d91f1674 100755
--- a/initrd/bin/kexec-select-boot
+++ b/initrd/bin/kexec-select-boot
@@ -393,7 +393,7 @@ while true; do
 		scan_options
 	fi
 
-	if [ "$CONFIG_TPM" = "y" -a "$CONFIG_BASIC" != "y" ]; then
+	if [ "$CONFIG_BASIC" != "y" ]; then
 		# Optionally enforce device file hashes
 		if [ -r "$TMP_HASH_FILE" ]; then
 			valid_global_hash="n"