Cannot re-enable secure boot

[mokproblems]

I had disabled sometime ago secureboot to get a driver for anbox android emulator working. Now I want to re-enable secureboot. I signed the specific android .ko with kmodsign sha512 using the .priv and .der files in /var/lib/shim-signed/mok/ .

When I re-enabled secureboot in my UEFI settings then try to boot I get an 0x1a error. So I changed the mode to "Audit mode" which seems to be the secure boot check but passes through to boot anyways if it fails, for testing this stuff. its better than the tedium of disabling secure boot, then editing something in Ubuntu, then reboot, re-enable, test, ad-infinitum, etc.

Anyways so as I said, when I try to do a 'mokutil --enable-validation', set a temp password, then reboot, in the blue MOK screen when I try to change secure boot state to enabled, enter the temp password, then I get "Failed to delete secure boot state" then just give up and reboot.

Here are the outputs of two relevant files:

# hexdump -C /sys/firmware/efi/efivars/SecureBoot-8be4df61-93ca-11d2-aa0d-00e098032b8c
00000000  06 00 00 00 00                                    |.....|
00000005
# hexdump -C /sys/firmware/efi/efivars/SetupMode-8be4df61-93ca-11d2-aa0d-00e098032b8c
00000000  06 00 00 00 01                                    |.....|
00000005

I had tried mokutil --reset, which seemed to work, and then resetting the db, pk, dbx, kek within my firmware. But I still get similar problem.