Dear Maintainers, Recently I upgraded Ubuntu 22.04 to Debian 12 Bookworm. I used out-of-tree driver 88XXau for my USB WiFi adapter, so with DKMS build I hit the behavior described in this bug, that is, upgraded DKMS created its own key pair in /var/lib/dkms and ignored already-enrolled MOK stored in /var/lib/shim-signed/mok/ .
So I got "Key was rejected by service" when I tried to modprobe the rebuilt module. To resolve this problem, I just symlinked them into /var/lib/dkms : ln -sf /var/lib/shim-signed/mok/MOK.priv /var/lib/dkms/mok.key ln -sf /var/lib/shim-signed/mok/MOK.der /var/lib/dkms/mok.pub After that, I uninstalled/unbuilt this module and reinstalled it using appropriate dkms command-line options. And to my great joy, the rebuilt module was successfully modprobed into the kernel, even without requiring a reboot. So it would be really useful for DKMS, when it is being upgraded over some previous version, to inherit MOK created by shim-signed and to avoid creation of it own MOK.