Can't remove enrolled keys and change SecureBoot state

Bug #1776068 reported by Stefan Bakic
This bug affects 1 person
Affects: mokutil (Ubuntu)
Status: New
Importance: Undecided
Assigned to: Unassigned

Bug Description

I have UEFI Secure Boot enabled, and when I boot into Linux I don't see the message 'You are booting in insecure mode' or something like that, but when I am in the OS and I check the shim secure boot state I got this.

$ mokutil --sb-state
SecureBoot disabled

When I want to enable it, I got an error in MokManager that the secure boot state is not empty, or something like that. I think this means that I have the shim secure boot state enabled, but the above command gives the wrong output. From there I can --disable-validation (with a message at boot that it is in insecure mode), and after that I can --enable-validation, which still gives me SecureBoot disabled, without a message at boot.

With hexdump, the first line finishes with 0, which means that shim's secure boot state is disabled. If it were 1, it would be enabled. I think this is probably the problem with the output.

$ hexdump /sys/firmware/efi/efivars/SecureBoot-8be4df61-93ca-11d2-aa0d-00e098032b8c
0000000 0006 0000 0000
0000005

Problem 2!

With dmesg I see that I have an enrolled trusted key:

Loaded UEFI:MokListRT cert 'Canonical Ltd. Master Certificate Authority: ad91990bc22ab1f517048c23b6655a268e345a63' linked to secondary sys keyring

and with $ mokutil --list-enrolled I see that key. But when I want to delete it in MokManager, I again got error 0xEd or something similar. I tried to delete it manually through --export and through mokutil --reset. Nothing worked. I don't know whether I can even delete this key or what it is. But I want to delete all keys signed by me.

I want to delete this key because when I import trusted keys from the UEFI motherboard there is the same key with the same ID, but it's from the db list.

Thanks for help.

Thanks.
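
Added example (not part of the original report and not mokutil's code): decoding the hexdump quoted above. An efivarfs file starts with a 4-byte little-endian attribute word followed by the variable's data, and default hexdump prints 16-bit little-endian words; the function names and the embedded sample string are assumptions made for this illustration.

```python
import struct

# Constructed sample: the hexdump output quoted in the report above.
SAMPLE = "0000000 0006 0000 0000\n0000005\n"

# UEFI variable attribute bits, as defined in the UEFI specification.
ATTRS = {0x1: "NON_VOLATILE", 0x2: "BOOTSERVICE_ACCESS", 0x4: "RUNTIME_ACCESS"}


def hexdump_to_bytes(text):
    """Rebuild raw bytes from default `hexdump` output (16-bit LE words)."""
    out, length = bytearray(), None
    for line in text.splitlines():
        fields = line.split()
        if not fields:
            continue
        if fields[0] == "*":
            raise ValueError("collapsed repeat lines ('*') are not supported")
        if len(fields) == 1:  # last line holds only the total length, in hex
            length = int(fields[0], 16)
            continue
        for word in fields[1:]:
            out += struct.pack("<H", int(word, 16))
    if length is None or length > len(out):
        raise ValueError("hexdump output is truncated")
    return bytes(out[:length])  # drop the pad byte of an odd-length dump


def parse_efivar(raw):
    """Split an efivarfs file into (attribute names, variable data)."""
    if len(raw) < 4:
        raise ValueError("shorter than the 4-byte attribute header")
    (attrs,) = struct.unpack_from("<I", raw)
    return [name for bit, name in ATTRS.items() if attrs & bit], raw[4:]


def secure_boot_value(raw):
    """Return the single data byte of a SecureBoot variable file (0 or 1)."""
    _, data = parse_efivar(raw)
    if len(data) != 1:
        raise ValueError("SecureBoot data should be exactly one byte")
    return data[0]


if __name__ == "__main__":
    raw = hexdump_to_bytes(SAMPLE)
    print(raw.hex(" "), parse_efivar(raw)[0], secure_boot_value(raw))
```

On a live system, the bytes from open(path, "rb").read() on the efivars file can be passed straight to secure_boot_value, which avoids the word-swapped hexdump view.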

Wes (wesinator) wrote:

Strange, I have mokutil --sb-state
SecureBoot enabled

But my kernel secure boot is disabled and the GRUB boot displays "Booting in insecure mode"
