📖 ~1 min read
Table of contents
Symptom & Impact
Third-party kernel modules fail to load with ‘Required key not available’.
Environment & Reproduction
Secure Boot enabled; the module is not signed by an enrolled MOK.
Root Cause Analysis
Kernel enforces module.sig_enforce when Secure Boot is on.
Quick Triage
dmesg | grep -i ‘key|signature’ after the modprobe failure.
Step-by-Step Diagnosis
mokutil –sb-state and mokutil –list-enrolled show key status.
Solution – Primary Fix
Generate a MOK, sign the module, enroll via mokutil –import and reboot to confirm.
Still having issues? Our IT Solutions & Services team can diagnose and resolve this for you. Get in touch for a free consultation.
Solution – Alternative Approaches
Use DKMS with akmods or kmod-* packages signed by the vendor.
Verification & Acceptance Criteria
modinfo and lsmod show the module loaded after reboot.
Rollback Plan
Unload the module, disable autoload, or boot with Secure Boot off temporarily.
Prevention & Hardening
Bake signed modules into a custom RPM and enroll the MOK via Kickstart.
Related Errors & Cross-Refs
Related: kernel-devel mismatch and akmod build failures.
Related tutorial: View the step-by-step tutorial for centos-stream-9.
View all centos-stream-9 tutorials on the Tutorials Hub →
Browse all common problems & solutions on the Tutorials Hub.
References & Further Reading
shim and mokutil documentation; Red Hat Secure Boot KB.
Need Expert Help?
If you cannot resolve this yourself, our team offers hands-on Server Management, Managed IT Services, and flexible Support Plans. Contact us today — we respond within one business day.
