Package: dkms
Severity: normal
Dear maintainer,
as of Debian bookworm, the most non-intuitive, difficult for users to
figure out setup step that must be applied on Secure Boot enabled
systems is the following:
    sudo mokutil --import /var/lib/dkms/mok.pub
This is documented in the DKMS readme [1] but that is not easily discovered
by users.
Hence my feature request is to enroll the DKMS signing key / automate
running "sudo mokutil --import /var/lib/dkms/mok.pub". As far as I
understand the DKMS and update-secureboot-policy source code in Ubuntu,
it seems that this is already a default feature in Ubuntu. In other
words, it seems Ubuntu is automating the DKMS signing key enrollment.
I have also reported this issue upstream to DKMS [2] because according
to a DKMS source code comment,
> Debian's update-secureboot-policy has no --new-key option
this might be a Debian specific issue here, hence also reporting against
Debian's DKMS package.
Cheers,
Patrick
[1] https://github.com/dell/dkms?tab=readme-ov-file#secure-boot
[2] automate running "`sudo mokutil --import /var/lib/dkms/mok.pub`"
https://github.com/dell/dkms/issues/429
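
A check an administrator could run to see whether the manual enrollment step from the report is still outstanding on a given machine. This is an added example, not part of the original report or of DKMS; the function names are hypothetical and the mokutil output phrases it matches are assumptions about mokutil's wording.

```shell
#!/bin/sh
# Added example: report whether the DKMS signing key still needs MOK enrollment.
# Usage: report_dkms_mok   (read-only; it never imports the key itself)
MOK_PUB="${MOK_PUB:-/var/lib/dkms/mok.pub}"   # path taken from the report

# Map the text of `mokutil --sb-state` to enabled|disabled|unknown (assumed wording).
classify_sb_state() {
    case "$1" in
        *"SecureBoot enabled"*)  echo enabled ;;
        *"SecureBoot disabled"*) echo disabled ;;
        *)                       echo unknown ;;
    esac
}

# Map the text of `mokutil --test-key FILE` to a key state (assumed wording).
classify_key_state() {
    case "$1" in
        *"is already enrolled"*)                  echo enrolled ;;
        *"is already in the enrollment request"*) echo pending ;;
        *"is not enrolled"*)                      echo missing ;;
        *)                                        echo unknown ;;
    esac
}

# Decide what the administrator has to do: none|reboot|import|check.
decide_action() {
    case "$1:$2" in
        disabled:*)       echo none ;;    # modules load unsigned anyway
        enabled:enrolled) echo none ;;
        enabled:pending)  echo reboot ;;  # confirm the request in MokManager
        enabled:missing)  echo import ;;
        *)                echo check ;;   # unrecognised output, inspect by hand
    esac
}

report_dkms_mok() {
    command -v mokutil >/dev/null 2>&1 || { echo "mokutil not installed" >&2; return 2; }
    [ -r "$MOK_PUB" ] || { echo "$MOK_PUB not readable (no DKMS key yet?)" >&2; return 2; }
    sb=$(classify_sb_state "$(mokutil --sb-state 2>&1)")
    key=$(classify_key_state "$(mokutil --test-key "$MOK_PUB" 2>&1)")
    action=$(decide_action "$sb" "$key")
    echo "secure_boot=$sb dkms_key=$key action=$action"
    [ "$action" = import ] && echo "run: sudo mokutil --import $MOK_PUB, then reboot"
    return 0
}
```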