Error loading PIM / PAMSC on Linux running in Secure Boot mode (secureboot)

Article ID: 201507

Products

CA Privileged Access Manager - Server Control (PAMSC)
CA Privileged Identity Management Endpoint (PIM)

Issue/Introduction

When the PIM / PAMSC seos kernel module fails to load on a Linux system that is running in Secure Boot mode, follow the steps below.

Environment

Release : 14.1

Component : PAM SERVER CONTROL ENDPOINT UNIX

Cause

Secure Boot uses a MOK (Machine Owner Key) list, which secures the boot process by allowing only approved OS components and drivers to load.

Resolution

The OS kernel must have the public key of the module being inserted in its trust chain, so the first step is to add that public key to the kernel's system key database.

Every time the PAMSC kernel module loads, the OS kernel verifies the module's signature against the corresponding public key.

The following steps add the PAMSC public key to the secured kernel key database.

  1. Import the public key present in the installation directory into the MOK list


# cd /opt/CA/PAMSC/bin/

# mokutil --import BroadcomInc.der

input password:

input password again:


This command asks for a new password of your choice, which is required later during MOK enrollment.

Note: to avoid issues, use a password consisting of alphanumeric characters only.



  2. Confirm the key was added without any error and reboot the machine into the firmware

  3. During the secure EFI boot, shim.efi notices the pending MOK key enrollment request

     You will need to enter the password you previously associated with this request and confirm the enrollment. Your public key is then added to the MOK list, which is persistent.

  4. After the reboot, verify that the key is in the database with this command

# mokutil -l

Search for the PAMSC or Broadcom strings in the key list to confirm the key is enrolled.

  5. If the key is enrolled, run seload to start PIM / PAMSC
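As an added pre-flight check that is not part of this article, the script below verifies that the certificate in BroadcomInc.der is actually enrolled before calling seload, by comparing the SHA1 fingerprint of the DER file with the fingerprints that mokutil reports, instead of searching the listing for a name. It assumes the BroadcomInc.der path from step 1, that mokutil --list-enrolled prints a "SHA1 Fingerprint:" line per key, and that openssl is installed on the endpoint; the text-matching function takes a saved listing so it can be exercised without mokutil.

```shell
#!/bin/sh
# Added pre-flight check (not from the KB article): confirm that the
# certificate in BroadcomInc.der is enrolled in the MOK list, then run seload.
# Assumes mokutil --list-enrolled prints "SHA1 Fingerprint: aa:bb:..." per key
# and openssl prints "... Fingerprint=AA:BB:..." for the DER file.

# Normalise a fingerprint to lowercase hex with no separators.
norm_fp() {
    printf '%s' "$1" | tr 'A-F' 'a-f' | tr -d ': '
}

# Return 0 if fingerprint $1 appears in the mokutil listing saved in file $2.
# Pure text matching, so it can be exercised without mokutil installed.
fp_in_listing() {
    want=$(norm_fp "$1")
    [ -n "$want" ] || return 1
    sed -n 's/^SHA1 Fingerprint:[[:space:]]*//p' "$2" \
        | tr -d ': ' | tr 'A-F' 'a-f' | grep -qx "$want"
}

# SHA1 fingerprint of a DER certificate, hex part only.
der_fingerprint() {
    openssl x509 -inform der -in "$1" -noout -fingerprint -sha1 | sed 's/^[^=]*=//'
}

# Check Secure Boot state and key enrollment, then start PIM / PAMSC.
precheck_and_load() {
    der=${1:-/opt/CA/PAMSC/bin/BroadcomInc.der}
    state=$(mokutil --sb-state 2>/dev/null)
    [ "$state" = "SecureBoot enabled" ] || echo "note: $state" >&2
    listing=$(mktemp) || return 1
    mokutil --list-enrolled > "$listing"
    if fp_in_listing "$(der_fingerprint "$der")" "$listing"; then
        enrolled=0
    else
        enrolled=1
    fi
    rm -f "$listing"
    if [ "$enrolled" -ne 0 ]; then
        echo "$der is not in the MOK list: import it with mokutil and reboot" >&2
        return 1
    fi
    echo "$der is enrolled; starting PIM / PAMSC"
    seload
}

# The live check only runs when requested, e.g. MOK_CHECK_RUN=1 sh mokcheck.sh
if [ "${MOK_CHECK_RUN:-0}" = 1 ]; then
    precheck_and_load "$@"
fi
```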