If you are using the Dell Docking Station D6000, you need to install the DisplayLink driver. There are already some descriptions, the most helpful was this one: https://askubuntu.com/questions/762254/why-do-i-get-required-key-not-available-when-install-3rd-party-kernel-modules?newreg=0b40ea9dac5c4042af4e1ca30e56a7fb, but it was slightly different to my setup, therefore a similar description here:
Installation of the DisplayLink driver is pretty straightforward. However, if you have SecureBoot enabled, Ubuntu won’t be able to load the driver. You will see something like this in /var/log/syslog:
May 21 19:41:40 systemd[1]: displaylink-driver.service: Scheduled restart job, restart counter is at 52.
May 21 19:41:40 systemd[1]: Stopped DisplayLink Driver Service.
May 21 19:41:40 systemd[1]: Starting DisplayLink Driver Service...
May 21 19:41:40 sh[9231]: modprobe: ERROR: could not insert 'evdi': Operation not permitted
May 21 19:41:40 kernel: [ 281.896821] Lockdown: modprobe: unsigned module loading is restricted; see man kernel_lockdown.7
May 21 19:41:40 sh[9257]: Module evdi/1.9.1 already installed on kernel 5.11.0-17-generic/x86_64
May 21 19:41:40 sh[9232]: modprobe: ERROR: could not insert 'evdi': Operation not permitted
May 21 19:41:40 systemd[1]: displaylink-driver.service: Control process exited, code=exited, status=1/FAILURE
May 21 19:41:40 systemd[1]: displaylink-driver.service: Failed with result 'exit-code'.
May 21 19:41:40 systemd[1]: Failed to start DisplayLink Driver Service.
So, obviously modprobe cannot load the module named evdi.ko because it’s not digitally signed.
So, you have to perform the following steps to get this module loaded successfully.
- Locate the module
evdi.ko - Create a private/public key pair
- Sign the module with the generated key
- Add a the Signature Keys for UEFI Secure Boot
- Reboot the system and enroll the key
Here are the details:
- 1. Locate the module
evdi.ko: When using Ubuntu, the module should be located here:ls /lib/modules/$(uname -r)/dkms/evdi.ko
- 2. Use openssl to create a key pair:
openssl req -new -x509 -newkey rsa:2048 -keyout MOK.priv -outform DER -out MOK.der -nodes -days 36500 -subj "/CN=MyPersonalKeyPair/".
- 3. Sign the module using the following command:
sudo /usr/src/linux-headers-$(uname -r)/scripts/sign-file sha256 ./MOK.priv ./MOK.der /lib/modules/$(uname -r)/updates/dkms/evdi.ko
- 4. Import the key by using the following command:
sudo mokutil --import MOK.der. Important note: Themokutiltool will prompt you for a password which you need to enter again in a subsequent step. If you use a non-US keyboard layout, you might run into troubles when using characters which deviate from that layout. So, if you use the character ‚z‘ on a German layout, you may use character ‚y‘ in the next step. To avoid this hassle, just use numbers and/or characters which are the same with the US keyboard layout.
- 5. Reboot your machine. Follow the steps below:
– Select „Enroll MOK“
– You may want to check the imported key using „View key 0“
– Select „Continue“
– Say „Yes“ to „Enroll the key(s)“
– Enter the password you have specified in step 4.
– Let it reboot
- 6. Now the module should load successfully. You may check using
sudo mokutil --list-enrolledif the new key has been enrolled. Enjoy using DisplayLink!
NOTE: If your kernel is getting updated, you need to redo step 4. All other steps can be skipped. After applying the command, DisplayLink should work again instantly, no reboot required.