Comment 2 for bug 1892797

I agree in principle with having the sbkeysync tool return non-zero when it fails to update. However, as implemented, my understanding is that this will also cause the systemd unit to go into a failed state, and to leave the entire system boot in a 'degraded' state, and I don't think at all that this is something we want - because there will be various cases where, based on the realities of the system firmware, we will be unable to apply the secureboot db updates, and I do not think we should have such systems show in degraded state in perpetuity.

I particularly don't think such a behavior change is appropriate for an SRU.