I was trying to install a dkms package on focal and it would ask for the MOC signing password but then on reboot it would not confirm it so I still couldn’t load the module

I figured out how to manually add the signing key. I likely broke the whole secure boot thing while I was at it but that’s a problem for another day.

First make sure that a key has been generated

sudo update-secureboot-policy --new-key

Then copy that key to somewhere accessible during boot

sudo cp /var/lib/shim-signed/mok/MOK.der /boot/efi/EFI/ubuntu

Now force the MOK shim to run during boot

sudo mokutil --disable-validation

During boot you should get a nice blue screen that says add key from disk. Find the MOK.der you copied above.

Now you should be able to load DKMS signed modules.