New versions of DKMS have a SIGN_TOOL= feature. Please have a look, see if that looks alright, and give feedback to the DKMS developers:
- module signing for kernel_lockdown · Issue #72 · dell/dkms · GitHub
- implement a simple module signing mechanism by xuzhen · Pull Request #87 · dell/dkms · GitHub
SIGN_TOOL=
The module signing tool to be run at a build. Two arguments will be passed to the signing tool. The first argument is the target kernel version, the second is the module file path. If the tool exits with a non-zero value, the build will be aborted.