Nvidia on Ubuntu/Kernel modules: Difference between revisions

I came across an issue on the Linux Surface project titled DKMS kernel modules give "Key was rejected by service" on Ubuntu 22.04 with 5.19.2 - which is exactly the same problem I'm witnessing with my DKMS modules on Ubuntu 24.

There is a lot of great detective work in the comments on that issue to help diagnose and debug the issue I'm having.

I modified /etc/dkms/framework.conf to specify the "existing" certs that were generated by DKMS on Ubuntu:

# mok_signing_key=/var/lib/dkms/mok.key
mok_signing_key="/var/lib/shim-signed/mok/MOK.priv"
# mok_certificate=/var/lib/dkms/mok.pub
mok_certificate="/var/lib/shim-signed/mok/MOK.der"

Then I issued an

sudo update-secureboot-policy --enroll-key

Which brings up the NCurses dialog box to supply a password for the Mokutil system

I gave it a (Secure Boot) password. (See Password safe.)

And rebooted

But video still didn't work.

But then I noticed that I inadvertently supplied the incorrect configuration by specifying MOK.der as the key (duplicating the key config). So checking for validity of the key, it seems the key got messed up so I probably need to regenerate it or delete it so the system generates a new one.

The Canonical key is enrolled.

mokutil --list-enrolled
[key 1]
SHA1 Fingerprint: 76:a0:92:06:58:00:bf:37:69:01:c3:72:cd:55:a9:0e:1f:de:d2:e0

mokutil --test-key /var/lib/shim-signed/mok/MOK.der
Not a valid x509 certificate

So, I deleted the bad public cert

rm /var/lib/shim-signed/mok/MOK.der

And deleted all the previous generated modules

rm -rf /var/lib/dkms/nvidia/

And purged all installed nvidia driver

apt-get remove -y --purge '^libnvidia-.*' && apt-get remove -y --purge '^nvidia-*' && apt-get remove -y --purge '*575*' && apt -y autoremove

And then rebooted (should regenerate MOK.der)