I was trying to install a dkms package on focal and it would ask for the MOC signing password but then on reboot it would not confirm it so I still couldn’t load the module
I figured out how to manually add the signing key. I likely broke the whole secure boot thing while I was at it but that’s a problem for another day.
First make sure that a key has been generated
sudo update-secureboot-policy --new-key
Then copy that key to somewhere accessible during boot
sudo cp /var/lib/shim-signed/mok/MOK.der /boot/efi/EFI/ubuntu
Now force the MOK shim to run during boot
sudo mokutil --disable-validation
During boot you should get a nice blue screen that says add key from disk. Find the MOK.der you copied above.
Now you should be able to load DKMS signed modules.