allow loading unsigned modules due to issues

https://forums.whonix.org/t/allow-loading-signed-kernel-modules-by-default-disallow-kernel-module-loading-by-default/7880/23

debian/control

@@ -80,11 +80,6 @@ Description: enhances misc security settings
   * Bluetooth is blacklisted to reduce attack surface. Bluetooth also has
  a history of security concerns.
  https://en.wikipedia.org/wiki/Bluetooth#History_of_security_concerns
- .
-  * Requires every module to be signed before being loaded. Any module that is
- unsigned or signed with an invalid key cannot be loaded. This makes it harder
- to load a malicious module.
- /etc/default/grub.d/40_only_allow_signed_modules.cfg
  .
  Uncommon network protocols are blacklisted:
  These are rarely used and may have unknown vulnerabilities.

debian/security-misc.maintscript

@@ -2,3 +2,6 @@
 ## See the file COPYING for copying conditions.
 
 rm_conffile /etc/sudoers.d/umask-security-misc
+
+## https://forums.whonix.org/t/allow-loading-signed-kernel-modules-by-default-disallow-kernel-module-loading-by-default/7880/23
+rm_conffile /etc/default/grub.d/40_only_allow_signed_modules.cfg

etc/default/grub.d/40_only_allow_signed_modules.cfg

@@ -1,4 +0,0 @@
-## Requires every module to be signed before being loaded.
-## Any module that is unsigned or signed with an invalid key cannot be loaded.
-## This makes it harder to load a malicious module.
-GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX module.sig_enforce=1"