diff --git a/README.md b/README.md
index f389bebf42589474a8df0abcf82b42e84fe3d1f1..8fd0a1bcf76e84255d5b16959bf4ad62a83e8db2 100644
--- a/README.md
+++ b/README.md
@@ -9,6 +9,7 @@ The kernel is built automatically by the CI from the [linux kernel sources](http
 It's `config` file is based on the config provided by a Ubuntu 22.04 installation with two changes:
 - The `preemption model` is set to `Fully Preemptible Kernel (RT)`.
 - `Compile the kernel with debug info (DEBUG_INFO)` is set to `no`.
+- `Additional X.509 keys for default system keyring` (`CONFIG_SYSTEM_TRUSTED_KEYS`) set to ""
 
 Before the build, if the new kernel version contains new config keys, the corresponding values are set to their defaults.
 
diff --git a/config b/config
index f5413c1a1eab074a7a27fe5dc810f64703f21719..6fb68f0f5fdd3655f35e5823548a9d8e6bd84e1f 100644
--- a/config
+++ b/config
@@ -10736,7 +10736,7 @@ CONFIG_MODULE_SIG_KEY="certs/signing_key.pem"
 CONFIG_MODULE_SIG_KEY_TYPE_RSA=y
 # CONFIG_MODULE_SIG_KEY_TYPE_ECDSA is not set
 CONFIG_SYSTEM_TRUSTED_KEYRING=y
-CONFIG_SYSTEM_TRUSTED_KEYS="debian/canonical-certs.pem"
+CONFIG_SYSTEM_TRUSTED_KEYS=""
 CONFIG_SYSTEM_EXTRA_CERTIFICATE=y
 CONFIG_SYSTEM_EXTRA_CERTIFICATE_SIZE=4096
 CONFIG_SECONDARY_TRUSTED_KEYRING=y