Enabled secure boot once in my bios. Now everything is a mess

I’m using Fedora 37 dual booted with windows.
recently I upgraded my windows to 11 and I faced an issue where the solution was to enable secure boot.

I enabled it and well, things got out of control.
everything started when I booted into my fedora desktop. I saw a message saying NVIDIA kernel module missing. Falling back to nouveau.

and logged into my X11 session(because my laptop uses OPTIMUS technology) to see that my graphics card is no longer the GL renderer. The biggest issue is that when I opened chrome my wole screen just started to freeze and get laggy and all that.

Forgot some specs that might help

I use graphics card RTX 3060
with nvidia driver version 520

Which did you install first: Windows or Fedora?

Yes, Microsoft Windows 11 requires UEFI Secure Boot and TPM to be enabled by default. But there are workarounds to these two requirements.

I installed fedora first…then windows 10 then my windows 10 received the windows 11 upgrde

When you installed Fedora first followed by Windows 10, did you use legacy BIOS (MBR BIOS) or UEFI?

I used UEFI

  1. When you installed Fedora 37, was secure boot enabled in UEFI settings?

  2. After installing Fedora 37 and you were about to install Windows 10, was secure boot enabled?

  3. Does your machine have TPM? If you are unsure of it, please tell us the hardware specifications of your machine? What is the brand and model name/number of your laptop computer? In which year did you buy it?

Fedora 37 was initially Fedora 36 but was updated on the official release date to F37.

I’m unsure of the tpm thing but my specs are:

intel core i7 12700H

RTX 3060

Laptop is Asus TUF F15
Model FX507ZM
I bought it this year

aand no secure boot wasn’t enabled but the bios was uefi when I installed F36

Desk/laptop computers sold after 2015 do support TPM either via hardware or firmware.

Your issue happened because Fedora 36/37 is not Secure Boot-enabled but Windows 11 is.

If you do not mind and have time to spare, may I suggest that you first back up your important files/documents to an external storage device, secure erase with your preferred software** that is tailored to erase PCIe NVMe SSDS.

Next perform a clean reinstall of Fedora 37 first followed by Windows 11. Most articles on the internet recommend that you install Microsoft Windows OS first followed by a Linux or *BSD distro. Please read my post Dual boot with Microsoft Windows 11: Workaround for two bugs in Fedora 37 Everything installer

As there are two bugs in Fedora 37’s installer, I doubt you can just delete the F37 partitions and reinstall said distro. A clean reinstall of both F37 and Win11 would be the preferred course of action.

That seems overkill and I don’t see how it would fix anything. The problem is not with Fedora; it already boots fine with Secure Boot enabled. The problem is that the nVidia drivers are not signed and so do not load.

RPM Fusion has some instructions here for how to enable signing of the nVidia driver:

It cannot be done automatically because you need to enroll the signing key into your motherboard firmware, which requires an external-to-Fedora confirmation.

1 Like

Well, it’s not just an issue with nVidia drivers. It seems that he has problems with Chrome and feels that his machine is sluggish.

it runs pretty well with some performance reduction like some apps taking longer time to work than what’s usual.

Chrome is the only app that cause the chaos on my monitor

The sluggish feeling is likely because the nouveau drivers are not (fully) accelerated and Chrome needs well-supported graphics to work properly.

RPM Fusion has some instructions here for how to enable signing of the nVidia driver:

I followed the steps here and all worked like a charm

Thank you all for your time. Really appreciated

Not true

The nvidia modules did not load because with secure boot enabled and the modules unsigned they cannot load.

The fix is shown at the rpmfusion web site as indicated by @qulogic above.
Follow the steps shown in that linked instruction to enable signing of newly installed and compiled modules, but one additional step is required before you reboot.
dnf remove kmod-nvidia* to remove all the unsigned nvidia modules.

After the reboot then run dnf reinstall akmod-nvidia to force a rebuild of the modules (which will now be signed) then follow that with another reboot to load the new modules and the nvidia drivers should now be loaded.