- Bug
- Resolution: Won't Do
- Normal
- rhel-9.5.z
- mokutil-0.6.0-5.el9_6
- No
- Low
- rhel-bootloader
- ssg_core_services
- 3

The customer is requesting improved mokutil return codes. Below is an example:
~~~
[root@localhost ~]# mokutil --sb-state
SecureBoot enabled
[root@localhost ~]# echo $?
0
[root@test]# sudo mokutil --test-key /opt/Symantec/sdcssagent/driver/key.der
/opt/Symantec/sdcssagent/driver/key.der is not enrolled
[root@test]# echo $?
0
~~~
Above, when both commands are executed, the exit code is zero. The customer is requesting a different exit code depending on the result. Example:
~~~
--test-key ==> If enrolled then exit code should be 0; if not then exit code should be 1.
--sb-state ==> If enabled exit 0; if not enabled exit 1
~~~
The customer has provided a few examples where the exit codes work as expected.
~~~
- rpm -q package: Returns 0 if installed, 1 if not installed
- grep pattern file: Returns 0 when pattern found, 1 when not found
- command -v program: Returns 0 if program exists, non-zero if not
- systemctl is-active service: Returns 0 if active, non-zero otherwise
~~~
Business Requirements:
---------------
We need to automate the verification of Secure Boot status and key enrollment in our security and compliance scripts. Linux tools should follow the standard convention where return codes provide programmatic information about results, without having to parse output text.
Without consistent return codes, we must use non-recommended methods like parsing output text, which makes our scripts:
- Fragile when versions change (text output may change)
- Vulnerable to internationalization issues
- More complex to maintain
- Less reliable for our security automation
For our production environments, we need a reliable method to verify Secure Boot status and key enrollment in our automation pipelines and monitoring tools. Other tools in the security ecosystem (like fwupdmgr, cryptsetup, openssl) follow this pattern. Having mokutil match this behavior would provide consistency.
---------------
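
A workaround sketch for the behaviour described in this ticket, as an added example that is not part of the original report or of mokutil: POSIX shell functions that turn the tool's text output into exit codes. The 0/1/2 mapping, the function names, and the "SecureBoot disabled" and "is already enrolled" strings are assumptions; only the "SecureBoot enabled" and "is not enrolled" lines appear above.

```shell
#!/bin/sh
# Added example (not from the ticket or the mokutil project).
# Assumed exit-code convention: 0 = yes, 1 = no, 2 = output not recognized.

# Keep only the first line; the tool may print extra detail lines after it.
first_line() { printf '%s\n' "$1" | sed -n '1p'; }

# Classify `mokutil --sb-state` output passed as $1.
classify_sb_state() {
    case "$(first_line "$1")" in
        "SecureBoot enabled")  return 0 ;;
        "SecureBoot disabled") return 1 ;;  # assumed wording; not shown in the ticket
        *)                     return 2 ;;  # fail closed on anything unexpected
    esac
}

# Classify `mokutil --test-key FILE` output passed as $1.
# Match the whole suffix: a bare search for "enrolled" also hits "is not enrolled".
classify_test_key() {
    case "$(first_line "$1")" in
        *" is not enrolled")     return 1 ;;
        *" is already enrolled") return 0 ;;  # assumed wording; not shown in the ticket
        *)                       return 2 ;;
    esac
}

# Wrappers that run the real tool. LC_ALL=C pins the message locale.
sb_enabled()   { classify_sb_state "$(LC_ALL=C mokutil --sb-state 2>/dev/null)"; }
key_enrolled() { classify_test_key "$(LC_ALL=C mokutil --test-key "$1" 2>/dev/null)"; }

# Demo on constructed sample output (no mokutil needed).
for sample in "SecureBoot enabled" "SecureBoot disabled" "unexpected text"; do
    rc=0; classify_sb_state "$sample" || rc=$?
    printf '%-22s -> exit %s\n' "$sample" "$rc"
done
```

Callers should treat exit code 2 as a failed check rather than as "disabled" or "not enrolled", so that a change in the tool's wording surfaces as an error instead of a silent pass or fail.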