--- tenant.conf.ORIG	2026-05-13 15:15:10.299081972 +0200
+++ tenant.conf	2026-05-13 15:18:47.490002713 +0200
@@ -106,7 +106,8 @@
 # might provide a signed list of EK public key hashes.  Then you could write
 # an ek_check_script that checks the signature of the allowlist and then
 # compares the hash of the given EK with the allowlist.
-require_ek_cert = True
+# require_ek_cert = True
+require_ek_cert = False
 
 # Optional script to execute to check the EK and/or EK certificate against a
 # allowlist or any other additional EK processing you want to do. Runs in