Ubuntu 20.04 focal secure boot

I was trying to install a dkms package on focal and it would ask for the MOC signing password but then on reboot it would not confirm it so I still couldn’t load the module

I figured out how to manually add the signing key. I likely broke the whole secure boot thing while I was at it but that’s a problem for another day.

First make sure that a key has been generated

sudo update-secureboot-policy --new-key

Then copy that key to somewhere accessible during boot

sudo cp /var/lib/shim-signed/mok/MOK.der /boot/efi/EFI/ubuntu

Now force the MOK shim to run during boot

sudo mokutil --disable-validation

During boot you should get a nice blue screen that says add key from disk. Find the MOK.der you copied above.

Now you should be able to load DKMS signed modules.

One thought on “Ubuntu 20.04 focal secure boot

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.