Nvidia on Ubuntu/Kernel modules: Difference between revisions
No edit summary |
No edit summary |
||
| Line 49: | Line 49: | ||
And then rebooted (should regenerate MOK.der) | And then rebooted (should regenerate MOK.der) | ||
The system somehow loaded the Nouveau driver - meaning video works great. It's just strange that it does when the module is denylisted in grub:<pre> | |||
grep nouveau /etc/default/grub | |||
GRUB_CMDLINE_LINUX_DEFAULT="nouveau.blacklist=1 quiet splash" | |||
</pre>The nouveau kernel module is definitely in use:<pre> | |||
lsmod |grep nouveau | |||
nouveau 3096576 43 | |||
drm_gpuvm 45056 2 xe,nouveau | |||
drm_exec 12288 3 drm_gpuvm,xe,nouveau | |||
gpu_sched 61440 2 xe,nouveau | |||
drm_ttm_helper 12288 2 xe,nouveau | |||
ttm 110592 4 drm_ttm_helper,xe,i915,nouveau | |||
drm_display_helper 237568 3 xe,i915,nouveau | |||
mxm_wmi 12288 1 nouveau | |||
i2c_algo_bit 16384 3 xe,i915,nouveau | |||
video 77824 3 xe,i915,nouveau | |||
wmi 28672 4 video,wmi_bmof,mxm_wmi,nouveau | |||
</pre> | |||
Revision as of 09:33, 2 July 2025
I came across an issue on the Linux Surface project titled DKMS kernel modules give "Key was rejected by service" on Ubuntu 22.04 with 5.19.2 - which is exactly the same problem I'm witnessing with my DKMS modules on Ubuntu 24.
There is a lot of great detective work in the comments on that issue to help diagnose and debug the issue I'm having.
I modified /etc/dkms/framework.conf to specify the "existing" certs that were generated by DKMS on Ubuntu:
# mok_signing_key=/var/lib/dkms/mok.key mok_signing_key="/var/lib/shim-signed/mok/MOK.priv" # mok_certificate=/var/lib/dkms/mok.pub mok_certificate="/var/lib/shim-signed/mok/MOK.der"
Then I issued an
sudo update-secureboot-policy --enroll-key
Which brings up the NCurses dialog box to supply a password for the Mokutil system
I gave it a (Secure Boot) password. (See Password safe.)
And rebooted
But video still didn't work.
But then I noticed that I inadvertently supplied the incorrect configuration by specifying MOK.der as the key (duplicating the key config). So checking for validity of the key, it seems the key got messed up so I probably need to regenerate it or delete it so the system generates a new one.
The Canonical key is enrolled.
mokutil --list-enrolled [key 1] SHA1 Fingerprint: 76:a0:92:06:58:00:bf:37:69:01:c3:72:cd:55:a9:0e:1f:de:d2:e0
mokutil --test-key /var/lib/shim-signed/mok/MOK.der Not a valid x509 certificate
So, I deleted the bad public cert
rm /var/lib/shim-signed/mok/MOK.der
And deleted all the previous generated modules
rm -rf /var/lib/dkms/nvidia/
And purged all installed nvidia driver
apt-get remove -y --purge '^libnvidia-.*' && apt-get remove -y --purge '^nvidia-*' && apt-get remove -y --purge '*575*' && apt -y autoremove
And then rebooted (should regenerate MOK.der)
The system somehow loaded the Nouveau driver - meaning video works great. It's just strange that it does when the module is denylisted in grub:
grep nouveau /etc/default/grub GRUB_CMDLINE_LINUX_DEFAULT="nouveau.blacklist=1 quiet splash"
The nouveau kernel module is definitely in use:
lsmod |grep nouveau nouveau 3096576 43 drm_gpuvm 45056 2 xe,nouveau drm_exec 12288 3 drm_gpuvm,xe,nouveau gpu_sched 61440 2 xe,nouveau drm_ttm_helper 12288 2 xe,nouveau ttm 110592 4 drm_ttm_helper,xe,i915,nouveau drm_display_helper 237568 3 xe,i915,nouveau mxm_wmi 12288 1 nouveau i2c_algo_bit 16384 3 xe,i915,nouveau video 77824 3 xe,i915,nouveau wmi 28672 4 video,wmi_bmof,mxm_wmi,nouveau
