X.509: Partially revert patch to add validation against IMA MOK keyring
Partially revert commit 41c89b64:

Author: Petko Manolov <petkan@mip-labs.com>
Date: Wed Dec 2 17:47:55 2015 +0200

IMA: create machine owner and blacklist keyrings

The problem is that prep->trusted is a simple boolean and the additional x509_validate_trust() call doesn't therefore distinguish levels of trustedness, but is just OR'd with the result of validation against the system trusted keyring.

However, setting the trusted flag means that this key may be added to *any* trusted-only keyring - including the system trusted keyring.

Whilst I appreciate what the patch is trying to do, I don't think this is quite the right solution.

Signed-off-by: David Howells <dhowells@redhat.com>
cc: Petko Manolov <petkan@mip-labs.com>
cc: Mimi Zohar <zohar@linux.vnet.ibm.com>
cc: keyrings@vger.kernel.org
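The trust-flag problem described in the commit message, as a simplified user-space C model added here; it is not code from the commit or from the kernel. Every type and function name is hypothetical, and the level-aware variant is only one assumed way to keep the distinction that a single boolean loses.

```c
#include <stdbool.h>
#include <stdio.h>

/* Simplified user-space model; none of these names are kernel identifiers. */
enum trust { TRUST_NONE = 0, TRUST_IMA_MOK = 1, TRUST_SYSTEM = 2 };

/* Constructed input: which keyrings hold a key that vouches for the cert. */
struct cert { bool vouched_by_system, vouched_by_ima_mok; };

/* Boolean model: the two validation results are OR'd into one flag. */
bool validate_boolean(const struct cert *c)
{
    return c->vouched_by_system || c->vouched_by_ima_mok;
}

/* Level-aware model (assumption): remember the strongest keyring that vouched. */
enum trust validate_level(const struct cert *c)
{
    if (c->vouched_by_system)
        return TRUST_SYSTEM;
    if (c->vouched_by_ima_mok)
        return TRUST_IMA_MOK;
    return TRUST_NONE;
}

/* A trusted-only keyring that sees just the flag cannot tell the cases apart. */
bool may_link_boolean(bool trusted, enum trust dest_requires)
{
    (void)dest_requires;   /* information the flag cannot express */
    return trusted;
}

/* With a level, the destination keyring can demand its own minimum. */
bool may_link_level(enum trust have, enum trust dest_requires)
{
    return have != TRUST_NONE && have >= dest_requires;
}

int main(void)
{
    struct cert mok_only = { .vouched_by_system = false, .vouched_by_ima_mok = true };
    printf("boolean: link to system keyring allowed = %d\n",
           may_link_boolean(validate_boolean(&mok_only), TRUST_SYSTEM));
    printf("level:   link to system keyring allowed = %d\n",
           may_link_level(validate_level(&mok_only), TRUST_SYSTEM));
    return 0;
}
```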