--- dkms.orig	2022-10-15 09:52:57.506436550 +0200
+++ dkms	2022-10-15 10:33:31.222380384 +0200
@@ -886,8 +886,20 @@
         echo "Sign command: $sign_file"
     fi
 
-    if [ ! "${mok_signing_key}" ]; then
-        mok_signing_key="/var/lib/dkms/mok.key"
+    if [[ -z "${mok_signing_key}" ]]; then
+        case "$running_distribution" in
+            ubuntu* )
+                mok_signing_key="/var/lib/shim-signed/mok/MOK.priv"
+                mok_certificate="/var/lib/shim-signed/mok/MOK.der"
+                ;;
+            debian* )
+                mok_signing_key="/var/lib/shim-signed/mok/MOK.priv"
+                mok_certificate="/var/lib/shim-signed/mok/MOK.der"
+                ;;
+            * )
+                mok_signing_key="/var/lib/dkms/mok.key"
+                ;;
+        esac
     fi
     echo "Signing key: $mok_signing_key"
 
@@ -899,12 +911,12 @@
     case "$running_distribution" in
         debian* | ubuntu* )
 
-            if [[ -x "$(command -v kmodsign)" ]]; then
+            if [[ ! -x "$(command -v kmodsign)" ]]; then
                 echo "Binary kmod-sign not found, modules won't be signed"
                 return
             fi
 
-            if [[ -x "$(command -v update-secureboot-policy)" ]]; then
+            if [[ ! -x "$(command -v update-secureboot-policy)" ]]; then
                 echo "Binary update-secureboot-policy not found, modules won't be signed"
                 return
             fi